The infamous Sednit cyber-espionage group that has been attacking various institutions especially in Eastern Europe in the past has recently started to use a new exploit kit to distribute their malware, ESET research lab in Montreal is reporting. Among the attacked websites is a large financial institution in Poland. ESET has uncovered that the group uses domains similar to those of existing websites related to the military, defense and foreign affairs.
“We recently came across cases of legitimate financial websites being redirected to a custom exploit kit. Based on our research and on some information provided by the Google Security Team, we were able to establish that it is used by the Sednit group. This is a new strategy for this group which has relied mostly on spear-phishing emails up until now,”says ESET researcher Joan Calvet.
ESET has in particular analyzed redirections to the exploit kit from websites belonging to a large financial institution in Poland. In its attack, Sednit is misusing legitimate websites related to military and defense topics. During the exploit attack remotely-controlled malware with various malicious activities is being installed on the system.
“This might be indicative of an ongoing campaign against those sectors,” adds Duquette.
In recent years, exploit kits have become a major method employed to spread crimeware, malware intended for mass-scale distribution to facilitate financial fraud and abuse of computing resources for purposes such as sending spam, bitcoin mining, credentials harvesting and other. Since 2012, ESET has observed this strategy is being used for espionage purposes as well in what has become known as “watering-hole attacks” or “strategic web compromises.” A watering-hole attack can be described as redirecting traffic from websites likely to be visited by members of a specific organization or industry being targeted.
Read more about the story on ESET’s WeLiveSecurity.com.