About these ads
Home > Security > The Psychosis of Targeted Attacks

The Psychosis of Targeted Attacks


Apparently the “Psychosis of Targeted Attacks” is plaguing not only the end users but even the security researchers, leading to dangerous collisions and clamorous retractions.

Yesterday the security firm FireEye published a blog post about the well-known Gauss targeted attacks, concluding that there was some sort of relationship between the Gauss and Flame malware actors based on observing C&C communication going to the Flame C&C IP address.

Unfortunately they did not realize they were observing the activities of a sinkhole operated by Kaspersky in which the sinkhole process had been organized to monitor both the Flame and Gauss C&C infrastructure.

Kaspersky Chief Security Expert Alexander Gostev explains the reasons of the misleading conclusions:

After discovering Gauss we started the process of working with several organizations to investigate the C2 servers with sinkholes. Given Flame’s connection with Gauss, the sinkhole process was being organized to monitor both the Flame and Gauss’ C2 infrastructures. It’s important to note that the Gauss C2 infrastructure is completely different than Flame’s. The Gauss C2s were shut down in July by its operators and the servers have been in a dormant state by the operators since then. However, we wanted to monitor any activity on both C2 infrastructures.

During the process of initiating the investigation into Gauss C2s and creating sinkholes we notified trusted members of the security and anti-malware community about the sinkhole IP and operation so that they were aware of any activity. FireEye’s post about the Gauss C2 samples connecting to the same servers as Flame are actually our sinkholes they’re looking at.

With some easy Googling and checking on WhoIs, researchers could have verified all of this.

Since the investigation and sinkhole operation are still in progress we do not have any more information to provide at this time.

About these ads
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 3,091 other followers