September 27, 2016 by

Russian DNC Hackers Accused of Developing a Mac OS X Trojan

Researchers from security firm Palo Alto Networks have attributed a new Trojan targeting Mac OS X machines in the aerospace industry to the Russian hackers behind the breach of the Democratic National Committee (DNC).

The malware relies on social engineering to get onto a machine and, according to the researchers, has also been tied to a previously disclosed vulnerability in MacKeeper, a third-party OS X utility rather than Apple security software. Once running, it gives the operators enough access for a comprehensive compromise of the host.

The group, which goes by a raft of names including Sofacy Group, Fancy Bear and Pawn Storm, is also believed to have broken into NATO and European military-sector organizations.

According to the researchers, the Trojan can download additional malicious files to the system and execute or delete files on disk. Named the “Komplex Trojan”, the tool has been used in attacks on individuals in the aerospace industry, a blog post said.

It added:

The Sofacy group created the Komplex Trojan to use in attack campaigns targeting the OS X operating system – a move that showcases their continued evolution toward multi-platform attacks.

Komplex shares code and behaviour with the group’s Carberp variant, a Windows Trojan, and talks to the same command-and-control infrastructure. On infection it collects information such as the list of running processes and the identity of the logged-in user from the target machine and sends it to the server, then executes whatever commands the server returns.

The decoy PDF document the Trojan opens describes the Russian Federal Space Program’s projects for the decade from 2016 to 2025.

Researchers added:

We do not have detailed targeting information regarding the Sofacy group’s attack campaign delivering Komplex at this time; however, based on the contents of the decoy document, we believe that the target is likely associated with the aerospace industry.

Image credit: Pexels.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with law enforcement agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. intelligence agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
