QUASAR, SOBAKEN AND VERMIN: A deeper look into an ongoing espionage campaign

July 16, 2018

Using remote access tools Quasar, Sobaken and Vermin, cybercriminals have been systematically spying on Ukrainian government institutions and exfiltrating data from their systems. The threat actors, first mentioned in a report from January 2018 and tracked by ESET since mid-2017, continue to develop new versions of their stealthy malware. In this white paper, we take a closer look at this ongoing campaign. We provide further details on the malware used to compromise victims’ systems and on the payloads installed on compromised systems, and describe the various methods the attackers use to distribute and target their malware while avoiding detection.

Spotlight

PhishMe, Inc.

Today, PhishMe is the leading provider of threat management for organizations concerned about human susceptibility to advanced targeted attacks. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. Our customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

OTHER WHITEPAPERS

How to Reduce the Risk of Phishing and Ransomware

whitePaper | March 21, 2021

Cybersecurity challenges abound for organizations across the world. The tsunami of phishing attacks that threaten account compromise, data breaches and malware infection remains a critical threat to neutralize. Ransomware is a second critical threat, with a well-played ransomware attack capable of bringing an organization to a complete halt, and in some cases putting it out of business permanently (e.g., Travelex and Vastaamo).


Fujitsu PRIMERGY Server Security Overview

whitePaper | May 22, 2023

During the last few years, server security has become a key building block for end-to-end security. We see strongly increasing cyber-attacks on server infrastructure, which results in an intense need for server security. This whitepaper presents an overview of the security features available for PRIMERGY servers.


2022 Cyber Security Report

whitePaper | July 25, 2022

The past twelve months represent one of the most turbulent and disruptive periods on record, at least as far as security is concerned. As governments and businesses around the world continued to navigate the uncharted waters of a global pandemic, the so-called “new normal” still felt a long way off. Digital transformation efforts were dramatically accelerated as businesses embraced hybrid and remote working arrangements, but the same questions around security maturity that plagued many businesses in 2020 persisted through 2021.


Pulumi Cloud Security Whitepaper

whitePaper | October 24, 2022

Pulumi is a venture-backed cloud computing company in Seattle, WA, founded by industry veterans with decades of experience creating and operating Enterprise software at companies like Microsoft, Amazon, and Google. Pulumi’s user base includes companies of all shapes and sizes, including ISVs, SIs, and Fortune 500s.


The State of Ransomware in Manufacturing and Production 2022

whitePaper | October 6, 2022

Sophos' annual study of the real-world ransomware experiences of IT professionals in the manufacturing and production sector has revealed an ever more challenging attack environment. Together with the growing financial and operational burden ransomware places on its victims, it also shines new light on the relationship between ransomware and cyber insurance - including how insurance drives changes to cyber defenses.


Security and Privacy White Paper

whitePaper | October 31, 2022

As cloud-based software solutions become prominent, discussions continue to revolve around security. When organizations implement a cloud-based solution, they put their trust in the solution provider to protect their data and deliver a secure platform.
