May 5, 2017
New Cyber Campaign Netrepser Compromised More than 500 Ministries and Departments Worldwide
By Sam Jones, Financial Times
In a report published on Friday, cyber security company Bitdefender said it had amassed evidence of hundreds of intrusions by the hackers, including of classified government networks, over at least 12 months.
Bitdefender has dubbed the malware the group uses “Netrepser”.
Some of the script in phishing emails and command and control infrastructure associated with the malware is in Cyrillic, Bitdefender’s report said, but the company stressed it has been unable to attribute responsibility to any particular nation state because of an almost complete lack of digital fingerprints in the code....
According to Bitdefender, Netrepser has been stitched together by creators entirely from code and applications publicly available online as freeware....
When attacked by Netrepser, most systems therefore write it off as just another nuisance bombardment — classifying it with the same severity as an advertising pop-up — rather than a serious threat.
“It’s not sophisticated at all, it’s very simple, and it’s its simplicity which makes it so beautiful as an attack,” said Bogdan Botezatu, senior threat analyst at Bitdefender. “The [intrusions] are flagged [by defence systems] but they are not flagged as malware — and as a result, most systems dramatically downplay their significance.”
The group operating Netrepser has been “incredibly successful” Mr Botezatu said. “We don’t know what was stolen, but everything was up for grabs,” he added.