Kaspersky: A fake Telegram app targets Kazakh opposition parties with the Octopus Trojan. The aim is a cyber-espionage and cyber warfare operation
It’s dubbed Octopus, and it’s a Trojan disguised as a new version of Telegram. It has been used in cyber-espionage campaigns against Kazakh opposition parties and was discovered by Kaspersky cyber security experts. Once installed, it provides its authors with remote access to victims’ machines. The lure is the messenger itself, as it could be banned in the region for (officially) security reasons. So the malicious hackers created a fake version of the messenger that impersonates an alternative version of Telegram. Moreover, the launcher was disguised with a symbol of one of the opposition political parties in the region and had the malware inside. Once it is activated, the attackers can carry out various operations on data on the infected computer, including deleting, blocking, modifying, copying and downloading it. In this way, the threat actors can spy on their targets, steal information, and gain backdoor access to the systems.
The cyber security experts: Behind the cyber attacks, there could be the Russian-speaking APT DustSquad, and the malware campaign has similarities with operation Zoo Park
According to Kaspersky, there are similarities between the Octopus Trojan campaign and another notorious cyber-espionage operation that imitated a Telegram application to spy on victims. It was dubbed Zoo Park, and it used malware by an Advanced Persistent Threat (APT): DustSquad. The Russian-speaking cyber-espionage group was previously detected in former USSR countries in Central Asia, as well as Afghanistan. Within the last two years, the cyber security researchers uncovered four DustSquad campaigns with custom Android and Windows malware, aimed at private users and diplomatic entities alike. So the group could be expanding its activities in the region and targeting new entities, especially with the elections (2020) approaching.