Crouching Yeti

  • First known sample: 2010
  • Discovery: 2014
  • Number of targets: 1000-3000
  • Current status: Active
  • Type: Backdoor, Remote administration tool
  • Targeted platforms: Windows
  • Top targeted countries: CIS, France, Germany, Ireland, Italy, Japan, Poland, Spain, Turkey, Ukraine
  • Propagation method: Exploits, Social engineering, Trojanized software installers, Watering hole attacks
  • Purpose/Functions: Data wiping
  • Special features: Interest in OPC/SCADA. Trojanized software used to administer remote OPC servers, as well as modules that scan networks for OPC servers.
  • Targets: Construction, Education, Industrial/machinery, Information technology, Manufacturing, Pharmaceutical
  • Artefacts/Attribution: Russian-speaking authors
  • Description: An APT actor active since 2010 that runs information-stealing campaigns. By repackaging legitimate software installers and using watering hole attacks, the group installs backdoors on targeted systems. Its primary victims are organizations in the industrial/machinery building sector in European countries, the US, China, and Japan.
