Crouching Yeti
STATUS:
Active
TYPE:
Backdoor, Remote administration tool
DISCOVERY:
January 2014
TARGETED PLATFORMS:
Windows
FIRST KNOWN SAMPLE:
2010
NUMBER OF TARGETS:
2,001-3,000
TOP TARGETED COUNTRIES:
USA, Spain, Japan, Germany, France, Italy, Turkey, Ireland, Poland, China
THE WAY OF PROPAGATION
Social engineering
Exploits
Watering hole attacks
Trojanized software installers
PURPOSE/FUNCTIONS
Data theft
SPECIAL FEATURES
Interest in OPC/SCADA: trojanized versions of software used to administer remote OPC servers, as well as modules that scan networks for OPC servers.
TARGETS
Industrial/machinery
Manufacturing
Pharmaceutical
Construction
Education
Information technology
ARTEFACTS/ATTRIBUTION
Russian-speaking authors
MORE INFO
The blog post and research paper are available at Securelist.com