• First known sample

  • Discovery

  • Current status

    Inactive since 2018
  • Type

    Cyber-espionage framework
  • Targeted platforms

  • TOP targeted countries

    Afghanistan , Belarus , Iran , Russia , Sudan , Syria , United Arab Emirates , Ethiopia , Tanzania
  • The way of propagation

    Spear phishing with malicious Word documents
  • Purpose/Functions

    Cyberespionage , Data theft
  • Targets

    Energy , Medical Industry , Military contractors , Telecoms , oil and gas companies
  • Description

    An APT group active for at least eight years, from 2009 until 2017. It used spear phishing to drop its malware—a full cyber-espionage framework made from scratch and capable of collecting massive amounts of information about the user and the infected system. It was found targeting medical institutions, atomic energy bodies, military organizations and telecommunications companies in Western Asia and Northeastern Africa. DarkUniverse is connected with activities by the APT actor ItaDuke

    Additional information