More about the Wild Neutron group, its tactics, techniques, procedures and tools
The group’s targeting of major IT companies, spyware developers (FlexiSPY), jihadist forums (the “Ansar Al-Mujahideen English Forum”) and Bitcoin companies indicates a flexible yet unusual mindset and set of interests.
The origin of the attackers remains a mystery. In some of the samples, the encrypted configuration includes the string “La revedere” (“Goodbye” in Romanian) to mark the end of the C&C communication. In addition, Kaspersky Lab researchers have found another non-English string, which is the Latin transcription of the Russian word “Успешно” (“uspeshno”, meaning “successfully”).
A powerful threat actor active since 2011 that targets high-profile companies. It became well known after successfully infecting companies such as Facebook, Apple, Twitter and Microsoft by taking advantage of a Java zero-day exploit. This actor has also shown an interest in investment-related targets, suggesting that it conducts espionage for financial gain.