Researchers at cyber security firm Bitdefender recently unveiled a new targeted attack and named it Netrepser. What makes this threat different from other APTs (advanced persistent threat) is that it was built with readily available software tools.
The goal of Netrepser, according to Bitdefender, is to steal data from government agencies. No information on which agencies were targeted. Netrepser uses multiple methods to get its tiny digital hands on the victim’s information, from keylogging, to password theft, to cookie theft. At the very heart of this tool is a "legitimate, yet controversial" recovery toolkit provided by Nirsoft.
Nirsoft provides apps used to recover cached passwords or monitor network traffic. They work through powerful command-line interfaces that can be instructed to run completely unnoticed. Bitdefender says Nirsoft’s apps have been flagged as potential security threats long ago, mostly because they’re "extremely easy to abuse," and "oversimplify the creation of powerful malware."
The report also says up to 500 bots were identified during initial assessment, that only government agencies and organizations have been targeted, and that the first samples of the malware were spotted in May 2016.
"Because of the nature of these attacks, attribution is impossible unless we dig into the realm of speculation. Our technical analysis however, has revealed that some documents and file paths this campaign is using are written in Cyrillic," the researchers say.
For additional information, including technical specifics, please refer to the full report available here.