Tag: Malware analysis
The highly sophisticated operation shares code with the Hermes malware, and may be linked to the Lazarus Group APT actor.
A massive proxy botnet is just the tip of the iceberg, a warning sign of a bigger operation in the works by the Ramnit operators.
This backdoor can be used for espionage and for dropping additional malware.
This is the first evidence of the China-linked threat actor’s activity since it hacked the U.K. government and military in 2017 (a breach that wasn’t made public until 2018).
With a nest full of spy capabilities and good hiding techniques, InvisiMole was able to tunnel under the radar for at least five years.
The low-cost malware lowers the barrier of entry for carrying out advanced data exfiltration.
The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers.
While it’s a simple payload for now, researchers said Vega has the ability to evolve into something more concerning in the future.
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.
Andrew Macpherson, Operations Manager at Paterva, outlines the details of the “Digital Intelligence Gathering using Maltego” course being offered at SAS 2017.