[tdb_mobile_menu menu_id="81451" el_class="plato-left-menu" icon_size="eyJhbGwiOjUwLCJwaG9uZSI6IjMwIn0=" icon_padding="eyJhbGwiOjAuNSwicGhvbmUiOiIxLjUifQ==" tdc_css="eyJhbGwiOnsibWFyZ2luLXRvcCI6IjEwIiwibWFyZ2luLWJvdHRvbSI6IjAiLCJtYXJnaW4tbGVmdCI6IjE1IiwiZGlzcGxheSI6IiJ9LCJwaG9uZSI6eyJtYXJnaW4tdG9wIjoiMCIsIm1hcmdpbi1sZWZ0IjoiMCIsImRpc3BsYXkiOiIifSwicGhvbmVfbWF4X3dpZHRoIjo3Njd9" align_horiz="content-horiz-center" inline="yes" icon_color="#ffffff" icon_color_h="#ffffff"][tdb_header_logo align_vert="content-vert-center" url="https://zephyrnet.com" inline="yes" text="Zephyrnet" image_width="eyJwaG9uZSI6IjM1In0=" img_txt_space="eyJwaG9uZSI6IjEwIn0=" f_text_font_size="eyJwaG9uZSI6IjE4In0=" f_text_font_line_height="eyJwaG9uZSI6IjEuNSJ9" f_text_font_weight="eyJwaG9uZSI6IjcwMCJ9" f_text_font_transform="eyJwaG9uZSI6ImNhcGl0YWxpemUifQ==" f_text_font_family="eyJwaG9uZSI6ImZzXzIifQ==" text_color="#ffffff" text_color_h="var(--accent-color)"]

[tdb_mobile_horiz_menu menu_id="1658" single_line="yes" f_elem_font_family="eyJwaG9uZSI6ImZzXzIifQ==" f_elem_font_weight="eyJwaG9uZSI6IjcwMCJ9" text_color="var(--news-hub-white)" text_color_h="var(--news-hub-accent-hover)" f_elem_font_size="eyJwaG9uZSI6IjE0In0=" f_elem_font_line_height="eyJwaG9uZSI6IjQ4cHgifQ==" elem_padd="eyJwaG9uZSI6IjAgMTVweCJ9" tdc_css="eyJwaG9uZSI6eyJwYWRkaW5nLXJpZ2h0IjoiNSIsInBhZGRpbmctbGVmdCI6IjUiLCJkaXNwbGF5Ijoibm9uZSJ9LCJwaG9uZV9tYXhfd2lkdGgiOjc2N30="]

[tdb_mobile_menu inline="yes" menu_id="81451" el_class="plato-left-menu" icon_size="50" icon_padding="0.5" tdc_css="eyJhbGwiOnsibWFyZ2luLXRvcCI6IjEwIiwibWFyZ2luLWJvdHRvbSI6IjAiLCJtYXJnaW4tbGVmdCI6IjE1IiwiZGlzcGxheSI6IiJ9fQ==" icon_color="#ffffff" icon_color_h="#ffffff"]

Generative Data Intelligence

[tdb_header_menu main_sub_tdicon="td-icon-down" sub_tdicon="td-icon-right-arrow" mm_align_horiz="content-horiz-center" modules_on_row_regular="20%" modules_on_row_cats="20%" image_size="td_300x0" modules_category="image" show_excerpt="none" show_com="none" show_date="" show_author="none" mm_sub_align_horiz="content-horiz-right" mm_elem_align_horiz="content-horiz-center" menu_id="81450" show_mega_cats="yes" align_horiz="content-horiz-center" elem_padd="0 30px" main_sub_icon_space="12" mm_width="1192" mm_padd="30px 25px" mm_align_screen="yes" mm_sub_padd="20px 25px 0" mm_sub_border="1px 0 0" mm_elem_space="25" mm_elem_padd="0" mm_elem_border="0" mm_elem_border_a="0" mm_elem_border_rad="0" mc1_title_tag="h2" modules_gap="25" excl_txt="Premium" excl_margin="0 6px 0 0" excl_padd="2px 5px 2px 4px" excl_bg="var(--news-hub-accent)" f_excl_font_size="12" f_excl_font_weight="700" f_excl_font_transform="uppercase" meta_padding="20px 0 0" art_title="0 0 10px" show_cat="none" show_pagination="disabled" text_color="var(--news-hub-white)" tds_menu_active1-line_color="var(--news-hub-accent)" f_elem_font_size="18" f_elem_font_line_height="64px" f_elem_font_weight="400" f_elem_font_transform="none" mm_bg="var(--news-hub-dark-grey)" mm_border_color="var(--news-hub-accent)" mm_subcats_border_color="#444444" mm_elem_color="var(--news-hub-white)" mm_elem_color_a="var(--news-hub-accent-hover)" f_mm_sub_font_size="14" title_txt="var(--news-hub-white)" title_txt_hover="var(--news-hub-accent-hover)" date_txt="var(--news-hub-light-grey)" f_title_font_line_height="1.25" f_title_font_weight="700" f_meta_font_line_height="1.3" f_meta_font_family="fs_2" tdc_css="eyJhbGwiOnsiYm9yZGVyLXRvcC13aWR0aCI6IjEiLCJib3JkZXItcmlnaHQtd2lkdGgiOiIxIiwiYm9yZGVyLWJvdHRvbS13aWR0aCI6IjEiLCJib3JkZXItbGVmdC13aWR0aCI6IjEiLCJib3JkZXItY29sb3IiOiJ2YXIoLS1uZXdzLWh1Yi1kYXJrLWdyZXkpIiwiZGlzcGxheSI6IiJ9fQ==" mm_border_size="4px 0 0" f_elem_font_family="fs_2" mm_subcats_bg="var(--news-hub-dark-grey)" mm_elem_bg="rgba(0,0,0,0)" mm_elem_bg_a="rgba(0,0,0,0)" f_mm_sub_font_family="fs_2" mm_child_cats="10" mm_sub_inline="yes" mm_subcats_posts_limit="5"]

Home Cyber Security PupyRAT found sniffing around EU energy concern

Cyber Security

PupyRAT found sniffing around EU energy concern

-

January 23, 2020

A command and
control server used by the Iranian-associate group PupyRAT that is
communicating with the mail server of a European energy sector organization for
the last several months.

Recorded Future’s
Insikt Group reported PupyRAT, a remote access trojan, had been chatting with
the November2019 until about January 5, 2020. The security firm could not solidly
confirm through the metadata viewed that PupyRAT had been able to compromise
its target, but Insikt Group researchers
believe the amount of traffic between the targeted mail server to a PupyRAT C2
are sufficient to indicate a likely intrusion.

PupyRAT is
an open-source malware generally used by organizations as a “red team” tool,
but Insikt Group noted it has been previously used Iranian groups, including
APT33 and Cobalt Gypsy.

“Whoever the
attacker is, the targeting of a mail server at a high-value critical
infrastructure organization could give an adversary access to sensitive
information on energy allocation and resourcing in Europe,” the report said.

The
researchers pointed out PupyRAT’s possible intrusion of the mail server
predated the recent tensions that have arisen between the United States and
Iran indicating the activity is likely part of an on-going cyberespionage
campaign aimed at the European energy sector.

Topics:

Critical Infrastructure

Source: https://www.scmagazine.com/home/security-news/government-and-defense/pupyrat-found-sniffing-around-eu-energy-concern/