RUSSIAN SECURITY FIRM Kaspersky Lab has warned that Miniduke spyware attacks are back and are targeting a range of victims.
Kaspersky last warned of Miniduke attacks in 2013 when it said that governments had become victims of the spyware. Then it said that the software had the hallmarks of attacks from the early 2000s, suggesting that hibernating hackers were behind it.
"I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld," the firm's founder and CEO Eugene Kaspersky said then.
"These elite, 'old school' malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox evading exploits to target government entities or research institutions in several countries."
The time between reawakenings seems to be shortening, and it is a little over a year since Kaspersky issued that statement. Kaspersky has news of more recent attacks, and reckons that the Miniduke spyware is more sophisticated now and potentially in use by law enforcement agencies. It now includes new backdoor features dubbed Cosmicduke.
"Kaspersky Lab researchers have discovered that the old style Miniduke implants from 2013 are still around and are being used in active campaigns that target governments and other entities," it said.
"In addition, Miniduke's new platform - Botgenstudio - may be used not only by Advanced Persistent Threat style attackers, but by law enforcement agencies and traditional criminals too."
Botgenstudio has been used to create a three-pronged assault, said the firm, and it has created a new Miniduke with increased reconnaissance, infiltratration and persistence features.
The firm said that the software has unexpected features and some equally unexpected victims.
"It's a bit unexpected - normally, when we hear about APTs, we tend to think they are nation-state backed cyber espionage campaigns," said Vitaly Kamluk, principal security researcher with Kaspersky's global research and analysis team.
"But we see two explanations for this. One possibility is that malware platform Botgenstudio used in Miniduke is also available as a so-called 'legal spyware' tool, similar to others, such as Hackingteam's Remote Control System, widely used by law enforcement. Another possibility is that it's simply available in the underground and purchased by various competitors in the pharma business to spy on each other". µ