A sophisticated computer "mole" has been discovered in the computers of Myanmar government and non-governmental organizations, which is believed to have been launched by an Asian source.
The cyber threat was announced by Arbor's Security Engineering and Response Team (ASERT) on its website on January 11. ASERT called the computer threat "The Seven Pointed Dagger."
The computer threat involves a newly discovered Remote Access Trojan (RAT) which has been labeled Trochilus by security researchers at Arbor Networks.
Trochilus (pronounced "tro kil us") is part of a seven-piece malware cluster that offers hackers a variety of capabilities, including deep entry into compromised networks and snooping on data, ASERT said on its website.
The trail that led to the discovery of Trochilus began last year after Arbor Networks and other security research organizations discovered two malware strains targeting government websites in Asia and most particularly Myanmar.
The website said in late 2015 ASERT began investigations into a strategic web compromise (aka "Watering Hole") involving websites operated by the government of Myanmar and associated with recent elections.
"All indicators suggest that the compromises were performed by an actor group known to collaborators at Cisco's Talos Group as 'Group 27.' These initial findings – focused around the PlugX malware – suggested that Special Economic Zones (SEZs) in Myanmar were of interest.
"A cluster of seven malware samples was discovered and named the 'Seven Pointed Dagger' as a convenient reference," said the website. "These seven packaged malware offer threat actors a variety of capabilities including the means to engage in espionage and the ability to move laterally within target networks in order to achieve more strategic access."
Arbor said Trochilus is being "driven by East Asian threat actors," which has been interpreted to mean the Chinese government or military, or possibly North Korea.
A computer technology website, SC magazine, said the malware targeted a number of groups in Myanmar including the president's office, the country's Union Election Commission Office and, researchers believe, the UN Development Programme (UNDP).
Who could have carried out this kind of attack? Palo Alto Networks, a security consulting firm, when reporting on the group's use of the 3102 Malware on media organizations in Europe and government departments in the US, called "Group 27" a Chinese source. Other groups say there is not sufficient information to make a definitive identification.
A full report can be found on the Arbor website at Uncovering the Seven Poi#579899[1].
References
[1] Uncovering the Seven Poi#579899 (asert.arbornetworks.com)