

Symantec Security Response


Bachosens: Highly-skilled petty cyber-criminal with lofty ambitions targeting large organisations

Eastern Europe-based attacker’s advanced malware is comparable with that used by nation-state actors, but basic missteps indicate a threat actor who is skilled but lacking in expertise

In attacks reminiscent of the early days of malware, a lone wolf threat actor who appears to be based in a disputed part of eastern Moldova is using advanced malware to carry out cyber attacks against large organisations for relatively modest rewards. The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors. However, further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s — the only difference being this hacker wasn’t out for bragging rights. He was out for financial reward.

Big weapon, small rewards

This lone wolf attacker — who we call Igor — is not an average cyber-criminal aiming to infect as many victims as possible. Rather, he has been carrying out highly targeted attacks on specific organisations.

Igor developed a specialised tool, a piece of malware called Bachosens, to gain access to at least two large organisations, an international airline and a Chinese auto-tech company. Symantec believes that Igor planted the malware through the use of spear-phishing emails, a tactic typically employed by nation-state actors.

What do we know about this attacker?

Symantec believes he may be based in the town of Tiraspol in eastern Moldova. Officially, Tiraspol is the second-largest city in Moldova, but it is also the capital of the self-declared republic of Transnistria, which is not recognised as an independent state by the UN.

The dominant language in Transnistria is Russian. The Bachosens malware contains Russian strings, and its communication with the C&C server uses what appear to be the Russian equivalents of the size suffixes for KB, MB, GB, and TB. This indicated to researchers that the individual behind this malware was likely Russian-speaking.

The level of information the attacker knowingly or negligently revealed about himself online gave us high confidence that he is an individual involved in the auto industry who is based in this part of Eastern Europe.

Petty cyber-crime still exists

While we have gleaned a lot of information about this attack, much of this attacker’s activity remains a mystery, such as the motivations behind some of his activity, and where he may have acquired the skills to create such sophisticated malware while clearly demonstrating a lack of expertise in other areas.

However, this activity does show us that while nation-state actors and organised cyber-crime gangs carrying off big heists may be what grabs headlines, there are still lone wolf attackers out there making a comfortable living from cyber-crime.


© Scoop Media
