Hackers Infect Microphones to Spy on Ukrainian, Russia, Saudi Arabia, and Austria Organizations

The security firm CyberX has discovered a cyber espionage operation that has stolen 600 gigabytes worth of data from some 70 organizations across Ukraine, but also targets in Russia, Saudi Arabia, and Austria. The infected organizations span industries involved in critical infrastructure, news media, and scientific research. The campaign, known as Operation BugDrop, injects malware into the victims’ computers to capture screen shots, documents, and passwords, and is capable of turning on the computer’s microphone to gather audio recordings of conversations taking place in the computer’s vicinity. The hackers infect victims by using compromised Microsoft Word documents sent through phishing emails, and once the malware accesses the various files, data, and audio, it sends it on to a Dropbox where it can be retrieved by the hackers.

The Cipher Take:The types of targets, as well as the sophisticated malware coupled with targeted spearphishing attacks, indicates the hackers are probably working with the support of a nation-state—most likely Russia. The method used for injecting the malware, something known as Reflective DLL Injection, was a technique also leveraged by the BlackEnergy malware used in the 2015 Ukrainian power grid attack—a piece of malware also affiliated with the U.S. “Grizzly Steppe” report on Russian hacking activities. While the same injection technique was used in the Stuxnet breach revealed in 2010, it is possible others then commandeered the method as a viable mode of intrusion. 

https://www.thecipherbrief.com/subscribe