A new, advanced spear phishing cyber threat has been found to specifically target government agencies, with the covert advanced persistent threat (APT) looking to steal information and data.
The malware, dubbed ‘Netrepser’, is built around a legitimate, yet controversial recovery toolkit provided by Nirsoft.
Bitdefender, who uncovered the new targeted attack, said that the attack “is part of a high-level cyber-espionage campaign.”
As many as 500 infected bots were accounted for during an assessment, with Bitdefender having traced the presence of the threat back to May 2016. So far, the threat has been found to predominantly target government agencies.
The preloaded attack is armed with different options for stealing information and is able to deploy methods such as keylogging to achieve its ends.
The Nirsoft toolkit has been surrounded by controversy as the applications provided are made for recovering cached passwords and monitoring network traffic. These processes can also be run in a covert capacity, adding to the desirability of these tools to threat actors.
This attack stands out as it is a targeted attack, but it is constructed and deployed using public tools; usually targeted attacks such as this are custom-made and minimally equipped.
Nation-state espionage and potential hacking have been prominent in the news, and have gained further traction in light of recent and current election campaigns in Europe. In recent weeks, questions have been raised about a potential attempt to breach the security of Emmanuel Macron’s campaign.
The Netrepser attack represents a more formidable form of cyber-threat, but the potential nation-state action against the Macron campaign was relatively low-tech, as it involved false domains attempting to capture usernames and passwords from unsuspecting members.
This is not a lone example, as even phishing attacks have been precursors to nation-state attacks, according to statistics from the Verizon Data Breach Investigations Report.