Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] APT1s GLASSES – Watching a Human Rights Organization

Ronald Deibert r.deibert at utoronto.ca
Mon Feb 25 13:54:43 PST 2013


Hi Lib Tech

The Citizen Lab's Seth Hardy has authored a new research post, "APT1s GLASSES – Watching a Human Rights Organization,"
which analyzes some malware targeting civil society that relates to data in the much discussed Mandiant report.

Key Findings

	• Malware (“GLASSES”) sent in 2010 is a simple downloader that is closely related to the GOGGLES malware described by Mandiant in their APT1 report.
	• GLASSES was sent in a highly targeted email to a Tibetan human rights organization, demonstrating that APT1 is involved in more than just industrial and corporate espionage, with attacks against civil society actors documented as early as almost three years ago.
	• The methods and infrastructure of this attack are consistent with those described in Mandiant’s APT1 report, e.g., spear phishing against an English-speaking target, having an infrastructure of compromised machines for malware distribution and C2 operation.
	• The GLASSES sample analyzed shares a large percentage of code and an operational C2 server with a GOGGLES sample, indicating that they are from the same source.
	• The GOGGLES sample we discovered that communicates to the shared C2 server is not exactly the same as described in the Mandiant report, indicating that GLASSES may be a variant of GOGGLES, and that the software has been used while under active development.

Link here for those interested in the further and complete details:
https://citizenlab.org/2013/02/apt1s-glasses-watching-a-human-rights-organization/

Regards
Ron


Ronald J. Deibert
Professor of Political Science
Director, The Canada Centre for Global Security Studies and
The Citizen Lab
Munk School of Global Affairs
University of Toronto
r.deibert at utoronto.ca
http://deibert.citizenlab.org/
twitter.com/citizenlab







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130225/7b894415/attachment.html>


More information about the liberationtech mailing list