Kaspersky Lab Finds Octopus Trojan Disguised as Messenger to Attack Central Asian Diplomatic Organizations

 Kaspersky Lab researchers have discovered a wave of targeted cyber-espionage attacks aimed at Central Asian diplomatic organizations. The Trojan called “Octopus,” disguised as a version of a popular and legitimate online messenger, was attracting users amid the news of a possible ban on Telegram messenger in the region. Once installed, Octopus provided attackers with remote access to victims’ computers.

Threat actors are constantly seeking exploitable modern trends and adjusting their methods to jeopardize users’ privacy and sensitive information across the world. In this case, the possible prohibition of the widely used Telegram messenger allowed threat actors to plan attacks using the Octopus Trojan, subsequently providing the hackers with remote access to a victim’s computer.

Threat actors distributed Octopus within an archive disguised as an alternative version of Telegram messenger for Kazakh opposition parties. The launcher was disguised with a recognizable symbol of one of the opposing political parties from the region, and the Trojan was hidden inside. Once activated, the Trojan gave the actors behind the malware opportunities to perform various operations with data on the infected computer, including (but not limited to) deletion, blocks, modifications, copying and downloading. As a result, the attackers were able to spy on victims, steal sensitive data and gain backdoor access to the systems. The scheme has some similarities with an infamous cyber-espionage operation called Zoo Park, in which the malware used for the APT was mimicking a Telegram application to spy on victims.

Using Kaspersky Lab algorithms that recognize similarities in software code, security researchers discovered that Octopus could have links to DustSquad - a Russian-speaking cyber-espionage actor previously detected in former USSR countries in Central Asia and Afghanistan since 2014. Within the last two years, the researchers have detected four of their campaigns with custom Android and Windows malware aimed both at private users and diplomatic entities.

“We have seen a lot of threat actors targeting diplomatic entities in Central Asia in 2018,” said Denis Legezo, security researcher, Kaspersky Lab. “DustSquad has been working in the region for several years and could be the group behind this new threat. Apparently, the interest in this regions’ cyber affairs is growing steadily. We strongly advise users and organizations in the region to keep an eye on their systems and instruct employees to do the same.”

To reduce the risk of falling victim to sophisticated cyberattacks, Kaspersky Lab recommends implementing the following measures:

• Educate staff on digital hygiene and explain how to recognize and avoid potentially malicious applications or files. For example, employees should not download and launch any apps or programs from untrusted or unknown sources.
• Use a robust endpoint security solution with Application Control functionality that limits an application’s ability to launch or access critical system resources.
• Implement a set of solutions and technologies against targeted attacks such as Kaspersky Anti Targeted Attack Platformand Kaspersky EDR. These can help detect malicious activity across the network and effectively investigate and respond to attacks by blocking their progress.
• Make sure that your security team has access to professional threat intelligence.

Read the full report on Securelist.com.

About Kaspersky Lab 
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.