Sophisticated hacker group attacks government and drug dealers

04 Jul 2014


A highly-sophisticated hacker group has researchers completely baffled as it steals data from drug dealers and government entities simultaneously, The Guardian reported.

The group has come to be known as 'MiniDuke' after the malware it uses. The attackers initially appeared to be backed by a nation state, given that their targets had been a range of government agencies and research institutes across the globe.

However, an anomaly seen in the logs of Kaspersky Labs researchers in recent months indicated that individuals involved in drug deals had been affected in equal measure by the MiniDuke hackers.

After the researchers tracked one of the command and control servers used by the attackers, they were led to a site dispensing illegal substances, which included certain kinds of steroids and hormones.

The findings led Vitaly Kamluk, principal security researcher at Kaspersky, and his colleagues to several possibilities as to the nature of MiniDuke. The hackers could be "cyber mercenaries", with several subdivisions selling their services to different clients, possibly including law enforcement and government agencies; or they could be a competing criminal group working to track rival drug dealers.

Meanwhile, Threatpost reported that the MiniDuke advanced persistent threat (APT) campaign, uncovered by researchers at Kaspersky Lab and CrySyS Lab in February 2013, had returned after a year-long hiatus during which no attacks were observed.

While the initial MiniDuke operations primarily targeted government organisations in Europe, the second wave of attacks expanded its scope to an assortment of other groups, the strangest of which were online peddlers of illegal substances.

In addition to spying on people who sold hormones and steroids online, the resurgent campaign also sought information from organisations involved in government, diplomacy, energy, telecommunications and military contracting. The revamped MiniDuke carried more tools for stealing data and better protections designed to keep researchers away from that data.

At the time of its initial discovery, the group stood out among APT actors for three reasons: a custom backdoor written entirely in assembly, an unusual choice for modern malware; a novel command and control infrastructure with multiple redundant paths, including Twitter accounts used to locate live servers; and a form of steganography in which the operators delivered updated executables hidden inside .gif files.
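The article does not say how MiniDuke embedded executables in its GIF files, so the following is an added example (not code from the article, Kaspersky, or CrySyS) that assumes the simplest case a responder would check first: bytes appended after the GIF trailer byte (0x3B). Rather than searching for the last 0x3B, which can legitimately appear inside image data, it walks the GIF block structure to find where the image really ends and reports anything that follows. The sample GIF and the fake "MZ" payload are constructed inline for illustration.

```python
"""Detect data smuggled after the end of a GIF image (added example).

A well-formed GIF ends with a trailer byte 0x3B. Anything after it is
ignored by image viewers but is a classic carrier for a hidden payload.
This walker parses the block structure rather than scanning for 0x3B,
so a 0x3B inside pixel data does not produce a false "end of image".
"""


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Skip a chain of length-prefixed sub-blocks, ending at a 0x00 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def gif_trailer_offset(data: bytes) -> int:
    """Return the offset just past the GIF trailer (0x3B).

    Raises ValueError if the header is wrong or the structure is malformed.
    """
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    pos = 6
    if len(data) < pos + 7:
        raise ValueError("truncated logical screen descriptor")
    packed = data[pos + 4]          # flags byte of the logical screen descriptor
    pos += 7
    if packed & 0x80:               # global colour table present
        pos += 3 * (2 ** ((packed & 0x07) + 1))
    while True:
        if pos >= len(data):
            raise ValueError("no trailer found")
        block = data[pos]
        pos += 1
        if block == 0x3B:           # trailer: image ends here
            return pos
        if block == 0x2C:           # image descriptor
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            ipacked = data[pos + 8]
            pos += 9
            if ipacked & 0x80:      # local colour table present
                pos += 3 * (2 ** ((ipacked & 0x07) + 1))
            pos += 1                # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        elif block == 0x21:         # extension block
            pos += 1                # extension label
            pos = _skip_sub_blocks(data, pos)
        else:
            raise ValueError(f"unexpected block type 0x{block:02x} at {pos - 1}")


def trailing_payload(data: bytes) -> bytes:
    """Return whatever follows the GIF trailer (empty for a clean file)."""
    return data[gif_trailer_offset(data):]


def classify_trailing(tail: bytes) -> str:
    """Label trailing data: 'clean', 'pe' (DOS/PE header), or 'unknown'.

    An encrypted payload will not start with 'MZ'; any non-empty tail is
    still anomalous and worth pulling for analysis.
    """
    if not tail:
        return "clean"
    if tail[:2] == b"MZ":
        return "pe"
    return "unknown"


# Constructed 1x1 GIF89a for the demo (not a real MiniDuke sample).
MINIMAL_GIF = (
    b"GIF89a"                                   # header
    + b"\x01\x00\x01\x00"                       # logical screen 1x1
    + b"\x80\x00\x00"                           # flags (global table, 2 entries), bg, aspect
    + b"\x00\x00\x00\xff\xff\xff"               # global colour table: black, white
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor
    + b"\x02"                                   # LZW minimum code size
    + b"\x02\x44\x01"                           # one data sub-block
    + b"\x00"                                   # sub-block terminator
    + b"\x3b"                                   # trailer
)

# Constructed fake payload: a DOS header prefix and filler, not a real executable.
FAKE_PAYLOAD = b"MZ\x90\x00" + b"constructed fake payload, not a real executable"
SUSPICIOUS_GIF = MINIMAL_GIF + FAKE_PAYLOAD


if __name__ == "__main__":
    for name, blob in (("clean", MINIMAL_GIF), ("suspicious", SUSPICIOUS_GIF)):
        tail = trailing_payload(blob)
        print(f"{name}: {len(tail)} trailing bytes -> {classify_trailing(tail)}")
```

Run over a directory of GIFs pulled from proxy logs or a suspect host, any file with a non-empty tail is a candidate for the kind of carrier described above; the walker also raises on malformed structure, which is itself a useful signal for files that only pretend to be images.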
