Iron Liberty, a Russia-based cyber espionage group known for targeting energy, nuclear, and defense organizations worldwide, may have developed a dangerous new technique called a "man-on-the side" attack.
Secureworks warned about the new threat in a report this week describing a "man-on-the-side" (MOTS) attack to install malware. The security firm says MOTS differs from a typical man-in the-middle (MITM) attack.
"The difference between MITM and MOTS is straightforward," says Don Smith, senior director of the Counter Threat Unit at Secureworks. "With MITM, the attacker is present on infrastructure the traffic is traversing and can tamper with it," he says. "With MOTS, the attacker has sufficient access to observe and inject traffic which through timing/bandwidth is consumed by the victim before the legitimate reply arrives."
The security vendor's theory is based on its analysis of a campaign last year where Iron Liberty actors managed to install a malware tool called Karagany on a target system without leaving any trace of how they did it. According to Secureworks, its research showed no evidence of a phishing email, drive-by-download, or a malicious link being used to drop the malware on the system.
Secureworks' forensic analysis showed that Karagany was installed on the system shortly after its user initiated a legitimate request to download Adobe Flash over HTTP from Adobe's official website. Logs showed that Karagany was installed on the system in the short period of time during when the user request was initiated and the Adobe file was downloaded.
Secureworks found that Kargany files were dropped on the system j ..
Support the originator by clicking the read the rest link below.
