QWERTY keylogger: “Connect the Dots”

Snowden documents lead to the Regin malware.

http://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667

The malware seems to be related to the QWERTY keylogger found in the Snowden documents. The researchers claim a connection between the Regin malware platform and the QWERTY keylogger noted in Snowden’s documents.

Here is a blog post comparing the QWERTY keylogger with the Regin malware:

https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/

This is an important conclusion in the Securelist blog post:

Another important observation is that Regin plugins are stored inside an encrypted and compressed VFS, meaning they don’t exist directly on the victim’s machine in “native” format. The platform dispatcher loads and executes their plugins at startup. The only way to catch the keylogger is by scanning the system memory or decoding the VFSes.

Very sophisticated and very hard to detect.

Here is also a “Connect the Dots” event:

http://www.darkreading.com/risk/why-russia-hacks/a/d-id/1318733

It is good to know your adversary, and it is now clear that Russia may be hacking with financial gain in mind, but that is not always the only reason.

In 2008 the Russo-Georgian war was also fought on the cyber front. Even if there is no direct communication between the Russian government and various hackers, it is easy for criminal hackers (the civilians) to get “a message” such as: we don’t like the country of Georgia because of A, B, or C, and we are currently attacking Georgia. The civilians are then led to believe that they are in the right to attack Georgian machines.

Why do I bring this up? Because the causes and reasons may be varied, but ever more sophisticated attacks are coming (if not already here) from adversaries that have deep pockets.

If you do not up your game, there will be many more Sony Corp events in 2015.

We are here to help you shore up the nitty gritty… compliance, policies, testing… the blocking and tackling of IT security.
