A strain of malware has been used to hack diplomatic and government computers since 2016, according to security researchers.

The malware, named Gazer, “has managed to infect a number of computers around the world, with the most victims being located in Europe,” according to anti-virus maker ESET. “Curiously, ESET’s examination of a variety of different espionage campaigns which used Gazer has identified that the main target appears to have been Southeastern Europe as well as countries in the former Soviet Union.”

ESET believes Gazer is the handiwork of a global cyberespionage group called Turla. That assessment is based on similarities with other Turla operations: targeting embassies and ministries, and initial spear-phishing that delivers a first-stage backdoor such as Skipper, followed by a second, stealthier backdoor such as Carbon, Kazuar or Gazer.

“The second-stage backdoor receives encrypted instructions from the gang via C&C servers, using compromised, legitimate websites as a proxy,” ESET said.

“Another notable similarity between Gazer and past creations of the Turla cyberespionage group becomes obvious when the malware is analyzed,” ESET added. “Gazer makes extra efforts to evade detection by changing strings within its code, randomizing markers, and wiping files securely. In the most recent example of the Gazer backdoor malware found by ESET’s research team, clear evidence was seen that someone had modified most of its strings, and inserted phrases related to video games throughout its code.”
