February 8, 2016 (updated 4 September 2016, 10:29pm)

Dyre malware cyber gang disrupted following raid on Moscow office

News: Malware has been used in cyber attacks against Bank of America and JPMorgan Chase.

By Vinod

Russian authorities have reportedly disrupted the gang behind the Dyre banking malware following raids on 25th Floor, a Russian film distribution and production company.

The firm was raided last November as part of a crackdown on the Dyre gang, Reuters reports.

Dyre was reportedly deployed in cyber attacks against financial institutions including Bank of America and JPMorgan Chase.

It is not clear whether the raid crippled the operation altogether: security researchers say there have been Dyre attacks since the raids were carried out.

According to Reuters, a number of people have been questioned about their links to the gang, but it is not clear whether any arrests have been made or criminal charges brought following the raid.

25th Floor distributes films and TV shows in Russia, other Eastern European countries and the Near East.

There is no evidence that the firm has been implicated in any crime, nor any confirmation that the halt in Dyre activity is linked to the raid.


Cyber crime experts, however, believe that Dyre infections largely stopped following the raid.

iSight Partners cyber crime expert John Miller told the news agency: "We have seen a disruption over the last few months that is definitely consistent with successful law enforcement action."

Cyber security company Kaspersky Lab is helping the Russian authorities with the Dyre investigation. A source familiar with the matter told Reuters that the company would reveal details of the case at its annual conference for security experts; the company had yet to confirm that plan.

According to security experts, the Dyre Trojan is a man-in-the-browser tool: it performs its man-in-the-middle (MitM) attack through a technique called "browser hooking", patching the browser's own networking functions so that it sees web traffic before the browser encrypts it and after it decrypts it.

Because it sits inside the browser, Dyre can divert users to fake banking websites that prompt them for their login details, or alter the genuine page in place. Once the login details are captured, the attackers use the infected device, or a proxy routed through it, to access the account and steal data.
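Browser hooking is also what defenders look for on a suspect machine. The C program below is an added example, not code from the article, from Trend Micro, IBM or Kaspersky, nor from any Dyre sample: it performs the check that anti-hook scanners run over a browser's networking functions, classifying the first bytes of a function as one of the common inline-hook stubs, resolving the jump destination, checking whether that destination lies outside the module that owns the function, and comparing the in-memory bytes with the module's on-disk image. The function names, addresses and byte strings are constructed for the demonstration, the logic is specific to x86/x64 code, and reading the real bytes from a live process or from the file on disk is left to the caller.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Ways an inline hook commonly rewrites the first bytes of a function (x86/x64). */
typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,    /* E9 rel32 */
    HOOK_JMP_INDIRECT, /* FF 25 disp32: jmp [abs] on x86, jmp [rip+disp] on x64 */
    HOOK_PUSH_RET,     /* 68 imm32 C3 */
    HOOK_MOV_JMP       /* 48 B8 imm64 FF E0 */
} hook_kind;

static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t le64(const unsigned char *p) {
    return (uint64_t)le32(p) | ((uint64_t)le32(p + 4) << 32);
}

/* Classify the bytes that live at `addr`. On a hit, *target receives the jump
 * destination when it can be computed statically; the indirect form stores its
 * destination in a pointer slot that the caller would have to read separately. */
hook_kind classify_prologue(const unsigned char *code, size_t len, uint64_t addr, uint64_t *target) {
    *target = 0;
    if (len >= 5 && code[0] == 0xE9) {
        /* rel32 is signed: a jump down to injected code on the heap has a negative offset */
        *target = addr + 5 + (uint64_t)(int64_t)(int32_t)le32(code + 1);
        return HOOK_JMP_REL32;
    }
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) return HOOK_JMP_INDIRECT;
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) { *target = le32(code + 1); return HOOK_PUSH_RET; }
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 && code[10] == 0xFF && code[11] == 0xE0) {
        *target = le64(code + 2);
        return HOOK_MOV_JMP;
    }
    return HOOK_NONE;
}

/* Convenience wrapper returning only the resolved destination (0 if none). */
uint64_t hook_target(const unsigned char *code, size_t len, uint64_t addr) {
    uint64_t t;
    classify_prologue(code, len, addr, &t);
    return t;
}

/* The decisive check: a legitimate function may begin with a jump, but its
 * bytes cannot have changed since the module was mapped from disk. */
int prologue_modified(const unsigned char *mem, const unsigned char *disk, size_t n) {
    return memcmp(mem, disk, n) != 0;
}

/* A jump that leaves the module owning the function is the classic hook signature. */
int target_outside_module(uint64_t target, uint64_t mod_base, uint64_t mod_size) {
    return target != 0 && (target < mod_base || target >= mod_base + mod_size);
}

/* Constructed sample bytes (not captured from any real process). */
static const unsigned char win32_prologue[] = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10}; /* mov edi,edi; push ebp; mov ebp,esp; sub esp,10h */
static const unsigned char win32_hooked[]   = {0xE9,0xFB,0xFF,0xBF,0x89,0x83,0xEC,0x10}; /* first 5 bytes replaced by jmp -0x76400005 */
static const unsigned char x64_prologue[]   = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20,0x48,0x8B}; /* mov [rsp+8],rbx; push rdi; sub rsp,20h; ... */
static const unsigned char x64_hooked[]     = {0x48,0xB8,0x00,0x00,0x34,0x12,0xF6,0x7F,0x00,0x00,0xFF,0xE0}; /* mov rax,7FF612340000h; jmp rax */

struct probe {
    const char *name;              /* hypothetical function name, for the report only */
    uint64_t addr, mod_base, mod_size;
    const unsigned char *mem, *disk;
    size_t n;
};

/* Scan a table of functions and return how many look hooked. */
int scan_probes(const struct probe *p, size_t count) {
    int flagged = 0;
    for (size_t i = 0; i < count; i++) {
        uint64_t target;
        hook_kind kind = classify_prologue(p[i].mem, p[i].n, p[i].addr, &target);
        int modified = prologue_modified(p[i].mem, p[i].disk, p[i].n);
        int outside = target_outside_module(target, p[i].mod_base, p[i].mod_size);
        if (modified || (kind != HOOK_NONE && outside)) {
            flagged++;
            printf("[!] %s: bytes %s disk image, stub kind %d, target 0x%" PRIx64 "%s\n", p[i].name,
                   modified ? "differ from" : "match", (int)kind, target, outside ? " (outside module)" : "");
        } else {
            printf("[ok] %s\n", p[i].name);
        }
    }
    return flagged;
}

/* Three constructed probes: a clean function, the same function after a 5-byte
 * hook into low (heap) memory, and a 64-bit function after a 12-byte hook. */
int run_demo(void) {
    const struct probe probes[] = {
        {"wininet!HttpSendRequestA (clean)",  0x77001000ULL, 0x77000000ULL, 0x100000ULL, win32_prologue, win32_prologue, 8},
        {"wininet!HttpSendRequestA (hooked)", 0x77001000ULL, 0x77000000ULL, 0x100000ULL, win32_hooked,   win32_prologue, 8},
        {"browser ssl write (x64, hooked)",   0x7FF600011000ULL, 0x7FF600000000ULL, 0x4000000ULL, x64_hooked, x64_prologue, 12},
    };
    return scan_probes(probes, sizeof probes / sizeof probes[0]);
}

int main(void) {
    printf("%d of 3 probed functions look hooked\n", run_demo());
    return 0;
}
```

In a real scan the `mem` bytes come from the browser process (ReadProcessMemory on Windows, /proc/PID/mem on Linux) and the `disk` bytes from the module file after applying relocations; the byte comparison is the reliable signal, while the stub classification mainly tells you where the hook goes so you can find the injected code.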

According to Trend Micro, Dyre typically reaches a user's system via the UPATRE downloader (detected as TROJ_UPATRE.SMBG), which arrives as an attachment to spam emails.

Once installed, Dyre downloads a worm (detected as WORM_MAILSPAM.XDP) that composes email messages in Microsoft Outlook with the UPATRE malware attached, so the infection spreads by email in turn.

According to IBM, the techniques used by the Dyre operators include spear phishing, malware (initial infection via Upatre), social engineering, complex process injection, use of the Deep Web and even Distributed Denial of Service (DDoS) attacks.
