A malware downloader has been spotted using a novel “Port Monitor” technique that had not previously been detected in active campaigns.
Dubbed DePriMon, the malicious downloader is used to deploy malware used by Lambert — also known as the Longhorn advanced persistent threat (APT) group — which specializes in attacks against European and Middle Eastern companies.
Kaspersky estimates that Lambert has been active since at least 2008, whereas Symantec puts the start closer to 2011.
The threat actors use a range of tools, from zero-day vulnerabilities such as the CVE-2014-4148 Windows exploit to backdoor malware, to infiltrate the government, financial, telecoms, energy, aviation, IT and educational sectors, which has prompted the belief that Lambert may be state-sponsored.
Source: ZDNet