Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyberespionage arsenal could be tied to French intelligence agencies

Lucian Constantin | March 10, 2015
A collection of computer Trojans that have been used since 2009 to steal data from government agencies, military contractors, media organizations and other companies is tied to cyberespionage malware possibly created by French intelligence agencies.

"We are confident that the same group developed Bunny, Babar and Casper," the ESET researchers said in a blog post. Casper did not contain any clues that would point to a French origin, but the use of zero-day exploits indicates that it was created by a powerful organization, they said.

Finally on Friday, researchers from Kaspersky Lab completed the picture with three more malware programs called Dino, Nbot and Tafacalou that they believe were created by the same group as Bunny, Babar and Casper. The Kaspersky researchers have dubbed the group Animal Farm and believe it has been active since at least 2009.

Over the years the group targeted government organizations, military contractors, humanitarian aid organizations, private companies, activists, journalists and media organizations, the Kaspersky researchers said in a blog post.

Tafacalou is a first-stage Trojan that the attackers use to check if the infected computers belong to their intended targets before deploying the more potent Dino or Babar cyberespionage implants.

Kaspersky has seen Tafacalou infections in Syria, Iran, Malaysia, USA, China, Turkey, Netherlands, Germany, Great Britain, Russia, Sweden, Austria, Algeria, Israel, Iraq, Morocco, New Zealand and Ukraine.

While the researchers stop short of associating Animal Farm with any specific country or intelligence agency, they point out that Tafacalou might be a French variation for the phrase "so it's getting hot" in Occitan, a language spoken in Southern France, Monaco and some areas of Italy and Spain.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.