With cyber criminals looming large, security on the World Wide Web is a growing concern. Now, researchers are perplexed by a group of hackers dubbed MiniDuke (after the malware the group deploys) who are making off with sensitive data from governments and drug dealers alike.
For the uninitiated, MiniDuke is an advanced persistent threat (APT) Trojan that was discovered in 2013. The Trojan was used to attack NATO and several other government agencies in Europe. At the time, it was believed that the hackers were backed by a nation state.
However, Kaspersky Lab researchers recently discovered an anomaly in their logs: an indication that those involved in drug dealing were also affected by the MiniDuke hackers. The researchers traced one of the command and control servers deployed by the hackers and discovered that it was tied to a site supplying illegal substances, including specific types of hormones and steroids.
Vitaly Kamluk, principal security researcher at Kaspersky, is of the opinion that the hacking group could be a "cyber-mercenary" outfit that has split up into smaller groups and is available, for a certain sum of money, to lawmakers (as the hacking of drug dealers would suggest) and criminals alike.
Kamluk feels the outfit has "old-school hacking skills" as well as a "high degree of technicality" at their disposal, which makes the process of tracing MiniDuke difficult.
"They are more like underground cyber criminals than a typical nation state. This is what makes them stand out," said Kamluk to The Guardian.
MiniDuke's targets for 2014, however, seem to be government organizations: Kamluk revealed that the group was spotted using open-source hacking tools to search the Internet for relevant data on probable victims located in Azerbaijan, Greece and Ukraine.
"They were collecting everything like emails, names, nicknames and handles," revealed Kamluk.
According to the time stamps of their operations, which reflect the hours when MiniDuke was active, the group is likely operating out of Asia or Eastern Europe. However, since the group used Cyrillic characters, Eastern Europe is the stronger likelihood.
Kaspersky Lab also reveals that MiniDuke has released a new piece of malware, CosmicDuke. This malware tricks the user into opening a PDF file or Windows EXE that resembles an image or a document, and so infects the victim's machine. The malware is capable of stealing sensitive data such as passwords and logins.
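The lure described above relies on an executable that looks like a picture or a document. The following check is an added example written for this article; it is not Kaspersky's code and is not tied to CosmicDuke specifically. It flags the general masquerading patterns a defender would look for on a mail gateway or file share: a decoy extension stacked in front of an executable one, a file whose visible extension claims an image or PDF but whose bytes carry a Windows PE header, a magic-byte mismatch, and a Unicode right-to-left override character in the name. The PE check, the extension lists, the magic-byte table and the sample files are all constructed for this example.

```python
import re
import struct

# Extensions a user reads as "just a picture" or "just a document" (constructed list).
DECOY_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".docx", ".txt"}
# Extensions Windows will actually execute when double-clicked (constructed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Leading bytes the decoy formats are expected to start with (constructed lookup).
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}

RIGHT_TO_LEFT_OVERRIDE = "\u202e"


def is_pe(data: bytes) -> bool:
    """Simplified PE test: 'MZ' DOS stub and a 'PE\\0\\0' signature at the offset stored at 0x3C."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def split_extensions(filename: str) -> list:
    """'holiday.jpg.exe' -> ['.jpg', '.exe']; path components and case are ignored."""
    base = filename.lower().replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    return ["." + p for p in parts[1:] if p]


def assess(filename: str, data: bytes) -> list:
    """Return a list of finding tags for a file that may be disguised as an image or document."""
    findings = []
    exts = split_extensions(filename)
    visible = exts[-1] if exts else ""

    # 1. Decoy extension immediately before an executable one, e.g. report.pdf.exe.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS and exts[-1] in EXECUTABLE_EXTENSIONS:
        findings.append("double-extension")

    # 2. Name says image/document, content says Windows executable.
    if visible in DECOY_EXTENSIONS and is_pe(data):
        findings.append("pe-under-decoy-extension")

    # 3. Claimed format whose leading bytes do not match.
    if visible in MAGIC and not data.startswith(MAGIC[visible]):
        findings.append("magic-mismatch")

    # 4. Right-to-left override reverses how the tail of the name is displayed.
    if RIGHT_TO_LEFT_OVERRIDE in filename:
        findings.append("rlo-override")

    return findings


def build_minimal_pe_header() -> bytes:
    """Constructed sample: just enough bytes to satisfy is_pe(); it is not a runnable program."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


if __name__ == "__main__":
    # Constructed samples: one benign PDF and three disguised executables.
    samples = {
        "invoice.pdf": b"%PDF-1.4\n% constructed sample\n",
        "holiday.jpg.exe": build_minimal_pe_header(),
        "photo.png": build_minimal_pe_header(),
        "report" + RIGHT_TO_LEFT_OVERRIDE + "fdp.exe": build_minimal_pe_header(),
    }
    for name, content in samples.items():
        tags = assess(name, content)
        print(f"{name!r}: {'clean' if not tags else ', '.join(tags)}")
```

The content check matters more than the name check: an attachment filter that only looks at the last extension will pass `photo.png`, while the PE header test catches it regardless of what the name claims. Real deployments would pair this with the platform's own file-type identification rather than the short magic table used here.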
MiniDuke is said to have claimed nearly 140 victims since it began its activities, with the majority of those affected located in Russia and Georgia.