Details on Uzbekistan Government Malware: SandCat
Kaspersky has uncovered an Uzbek hacking operation, mostly due to incompetence on the part of the government hackers.
The group’s lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky’s antivirus software on machines it uses to write new malware, allowing Kaspersky to detect and grab malicious code still in development before it’s deployed; and embedding a screenshot of one of its developer’s machines in a test file, exposing a major attack platform as it was in development. The group’s mistakes led Kaspersky to discover four zero-day exploits SandCat had purchased from third-party brokers to target victim machines, effectively rendering those exploits ineffective. And the mistakes not only allowed Kaspersky to track the Uzbek spy agency’s activity but also the activity of other nation-state groups in Saudi Arabia and the United Arab Emirates who were using some of the same exploits SandCat was using.
RealFakeNews • October 11, 2019 7:02 AM
…so Kaspersky is spyware now?
Who develops malware on a system running anti-virus? Surely any self-respecting virus author would guess they MIGHT trigger their own AV heuristics or whatever during development?
Did they get a pop-up saying their own creation had been detected, or are these AV apps taking data that looks interesting without notifying the user?
Surely the user in this case would know their AV snagged a copy for “research purposes” when it detected it?
Knowing Kaspersky can be used for remote access, did they get the source code?