Two years ago, Kaspersky Lab tracked and analyzed a hacking group called Wild Neutron that attacked major IT companies like Apple, Facebook, Twitter and Microsoft. Unfortunately, the attacks resumed and have continued this year.
According to the researchers at Kaspersky Lab, Wild Neutron is unusual compared with other hacking groups. The group has maintained solid operational security, which makes its origin difficult to trace.
In 2013, a hacker group known to Kaspersky Lab as “Wild Neutron” (and which is also known as “Jripbot” and “Morpho”) attacked several high-profile companies including Apple, Facebook, Twitter and Microsoft.
After the incident was widely publicized, the threat actor went dark for almost a year. In late 2013 and early 2014, the attacks resumed and have continued in 2015.
The actor uses a stolen valid code verification certificate and an unknown Flash Player exploit. They use these to infect companies and private users around the world and steal sensitive business information.
Kaspersky Lab products successfully detect and block the malware used by the Wild Neutron threat actor with the following detection names:
Trojan.Win32.WildNeutron.gen,
Trojan.Win32.WildNeutron.*,
Trojan.Win32.JripBot.*,
Trojan.Win32.Generic
To learn more about the Wild Neutron hacker group, please read the blog post available at Securelist.com.
How GReAT works: http://youtu.be/FzPYGRO9LsA
More information about the Wild Neutron attribution is available to Kaspersky Intelligence Services customers. Contact: intelreports@kaspersky.com




