Attor is a newly discovered cyber-espionage platform, use of which dates back to at least 2014 and which focuses on diplomatic missions and governmental institutions. The modular malware searches specifically for
TrueCrypt
‑protected hard drives and the processes of specific VPN applications, suggesting a special interest in security-focused users. The most notable plug-in is one that is able to detect connected GSM/GPRS modems or mobile devices, allowing Attor to speak to them directly using the AT command set.
Details of Attor were presented at VB2019 in London by
ESET
researcher Zuzana Hromcová. Shortly after her presentation,
ESET
also published a
white paper
containing many technical details.
Today we release the recording of Zuzana’s presentation.
Have you carried out research that furthers our understanding of the threat landscape? Have you discovered a technique that helps in the analysis of malware?
The
Call for Papers
for VB2020 in Dublin is open! Submit your abstract before 15 March for a chance to make it onto the programme of one of the most international threat intelligence conferences.
Leave a Reply