CosmicDuke
-
First known sample
2012 -
Discovery
2013 -
Number of targets
100-1000 -
Current status
Active -
Type
Backdoor -
Targeted platforms
Windows -
TOP targeted countries
Azerbaijan , Belarus , Cyprus , Georgia , Great Britain , Greece , India , Kazakhstan , Lithuania , Russia , Ukraine , United Arab Emirates -
Connected attacks
-
The way of propagation
Trojanized software installers -
Purpose/Functions
Data wiping -
Special features
The TinyBaron/CosmicDuke custom backdoor is compiled using a customizable framework called "BotGenStudio", which has sufficient flexibility to enable/disable components when the bot is constructed.
-
Targets
Diplomatic organizations/embassies , Military , Specific individuals , Telecoms -
Artefacts/Attribution
Although the attackers use English in several places, there are certain indicators – like strings in a block of memory appended to the malware component used for persistence – that make experts believe they are not native English speakers.
-
Description
A newer version of the backdoor malware “MiniDuke” uncovered in 2013. The malware spoofs popular applications designed to run in the background and creates a backdoor in the infected system to steal a variety of information. The malware targets high-level organizations, including those representing the government and diplomatic sector, primarily in Eastern Europe and the US.