Kaspersky Lab has reported an increase in aggressive activity against Indian organizations involved in environmental, economic and government policy. The attackers have been targeting organizations for a few years now by abusing a Windows service, Windows Management Instrumentation (WMI), to get access to sensitive information. The malicious operations have been executed with the help of the WMIGhost/Shadow Trojan.
To establish a foothold in target organizations as part of the Ghost malicious campaign, the attackers generally re-use current headline news for spearphishing attacks. Kaspersky Lab detects the WMIGhost family as "Trojan.Win32.Gupd".
Kaspersky Lab Chairman & CEO Eugene Kaspersky said, "We are seeing more of these current attacks occurring throughout the country, targeting government and military agencies, NGOs, subcontractors and technology developers. The scope of these attacks is getting broader all the time. Meanwhile, other actors are currently working to exfiltrate more data from India. Indian organizations are being bombarded with spearphishing and webserver attacks on multiple levels - and there is no end in sight."
The list of advanced persistent threat groups targeting Indian organizations is long. Among the malicious campaigns interested in Indian targets we find the infamous Gh0stNet, Shadownet, Enfal, Red October, NetTraveler, LuckyCat, the Turla APT, Mirage, and Naikon. In some cases, Kaspersky Lab has seen unusual new techniques: infiltration of mobile devices by the Chuli attackers, the Sabpub attackers' focus on Apple's OS X devices, and various effective watering holes.