OnionDuke

Pierluigi Paganini September 17, 2015
The DUKES APT – 7 years of Russian state sponsored hacking

F-Secure has published an interesting report on the cyber espionage operations conducted by the Dukes APT group, which appears linked to the Kremlin. Security researchers at F-Secure have published an interesting report detailing the cyber espionage operation of a Russian APT group, dubbed the Dukes, the experts speculate the group is backed by the Russian government. […]

Pierluigi Paganini July 14, 2015
Seaduke, another weapon in the Duke arsenal

Security researchers at Symantec have analyzed Seaduke, a sophisticated Trojan used by threat actors behind the “Duke” malware family. Security experts at Symantec security firm have analyzed the Trojan.Seaduke, a malware that was used by the APT group behind the Duke espionage campaigns that targeted numerous government organizations worldwide. The Seaduke has many similarities with other […]

Pierluigi Paganini April 23, 2015
The CozyDuke, the last Russian APT group

Kaspersky Lab discovered another APT group dubbed CozyDuke which is believed to have hacked the US Department of State and the White House. Experts at Kaspersky Lab have uncovered a new advanced persistent threat (APT) dubbed CozyDuke that targeted several high-profile organizations in the second half of 2014. Kaspersky experts have published an interesting blog post that includes […]

Pierluigi Paganini January 12, 2015
MiniDuke, CosmicDuke and OnionDuke have a same matrix

Security experts collected further evidences of the link between the CosmicDuke, Miniduke and OnioDuke Advanced Persistent Threat campaigns. Researchers at F-Secure firm are constantly monitoring the cyber espionage campaigns MiniDuke, CosmicDuke and OnionDuke and provided an interesting update on the hacking operation. Below a short description of the campaigns: MiniDuke: Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security, or CrySyS, […]

Pierluigi Paganini November 16, 2014
OnionDuke: APT Attacks exploited the Tor Network

Experts at F-Secure discovered a link between the crew operating a rogue Tor node used to spread OnionDuke malware and MiniDuke APT. A few weeks ago the security research Josh Pitts of Leviathan Security Group identified a Russian Tor exit node that is patching the binaries downloaded by the users with malware. The researcher informed officials […]