The Copycat Cyberattackers With Serious Commonsense

While the entire digital world is plagued by online attacks designed by sophisticated hackers and spammers, many attacks are designed by novices or by people with comparatively less expertise. One such group of attackers, known as CopyKittens, not only employs a common-sense approach when designing its attacks but actually "copy-pastes" snippets of code gleaned from various online sources to write its "malicious script" and spread it through various methods. However, the group cannot be called "novice", as it employs many homemade tools to negatively impact the systems of its victims. The group has been active since 2013 (some claim it has been active since mid-2014), and given the way it is spreading across different regions of the globe, it may not take long for it to reach the digital arena of India too. Being acquainted with such groups is a vital way to remain safe from their malicious attempts. So, let us know more about the group, its strengths, and its weaknesses:

CopyKittens

A number of organizations have been targeted by CopyKittens, which has been active since as early as 2013. These organizations belong to different nations including Turkey, Saudi Arabia, Israel, Germany, the USA and even Jordan.

The Approach

• The attackers employ many creative yet destructive attacks to disrupt the digital arena. These include tactically choosing specific sites and inserting JavaScript into them to facilitate malicious activities. Sites like the ID Disabled Veterans Organization and the Jerusalem Post have been among its victims.

• Scanning web servers for vulnerabilities and employing sqlmap, Acunetix, Havij and other SQL tools, along with the widespread use of malicious sites spread through emails and infected office documents, are other methods employed by CopyKittens.

• The preparedness and planning of the group can be gauged by the fact that in many cases it also used fake social media profiles to gain the audience's trust before finally using those platforms to spread nasty links intended to have a far-reaching, unpleasant impact.

The major victims

• Members of the German Bundestag also became its victims when it released a flurry of watering-hole attacks, at least one of which directly impacted the pages of the Jerusalem Post.

• The group also infiltrated an IT company in order to use its VPN connection into client organizations.

• Apart from using its own in-house developed tools, the group also relies on Metasploit, Mimikatz, Cobalt Strike and other public tools to facilitate its notorious activities.

Toolset

Some other tools that are widely used by the group include:

• TDTESS backdoor
• Vminst
• NetSrv
• ZPP
• Matryoshka v1
• Matryoshka v2

The character, strengths, and weaknesses

The group can be termed an expert group with some wide gaps. While it may lag behind its counterparts when it comes to technical expertise, it is well aware of "patching the gaps" and of using a common-sense approach to increase the intensity of its attacks.

Strengths

• Multi-stage infection of computers using crafty methods.
• The DNS protocol is used to conduct data exfiltration.
• They rely heavily on in-house developed tools, apparently so that victims or security professionals cannot identify them by recognising familiar RATs and hacking tools.
• A keen eye is kept on the evolution of IT security, and the entire ecosystem is continually developed to outpace most current security products.

Weaknesses

Interestingly, the group does not seem to be an out-and-out expert in core hacking or IT attacks. It generally copies snippets from online forums and other digital resources and employs them to execute its malicious intentions by spreading the infection. Though it uses a number of advanced tools and shows a high level of preparedness, one can easily find a lack of sophistication in the conduct of the group. More often, the flagrant greed of the group apparently announces its presence in an enterprise's digital arena when it infects a number of systems, triggering the incident response team to act swiftly and stop the group from causing further damage.
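As an added defender-side illustration (not code from the original article or from any CopyKittens tooling), the following Python script flags the DNS-based exfiltration pattern mentioned under Strengths: many distinct, long, high-entropy subdomains queried under a single base domain by one client. The log format ("timestamp client qname"), the thresholds and the hostnames are assumptions, and the log lines are constructed.

```python
import math
from collections import defaultdict

# Constructed sample of DNS resolver log lines; format "ts client qname" is assumed.
# The .invalid TLD is reserved, so nothing here points at a real domain.
SAMPLE_LOG = """\
1700000001 10.0.0.5 www.example.com
1700000002 10.0.0.5 mail.example.com
1700000003 10.0.0.5 4a6f686e2044.c2-demo.invalid
1700000004 10.0.0.5 6f65204465616e.c2-demo.invalid
1700000005 10.0.0.5 images-eu-west-1.cdn-demo.invalid
1700000006 10.0.0.5 2c2052616e6b3a.c2-demo.invalid
1700000007 10.0.0.5 20536563726574.c2-demo.invalid
1700000008 10.0.0.5 6172792e0a0a.c2-demo.invalid
1700000009 10.0.0.5 cdn.example.com
"""

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text):
    """Yield (client, qname) pairs; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], parts[2].lower().rstrip(".")

def find_dns_exfil(text, min_unique=4, min_entropy=2.5, min_label_len=12):
    """Return {(client, base_domain): unique_subdomain_count} for suspicious pairs.

    A single long, random-looking label (e.g. a CDN hostname) is not enough;
    the base domain is flagged only when many *distinct* such labels are seen,
    which is what encoding data into queries produces.
    """
    seen = defaultdict(set)
    for client, qname in parse_log(text):
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # no subdomain to carry payload
        first, base = labels[0], ".".join(labels[-2:])
        if len(first) >= min_label_len and shannon_entropy(first) >= min_entropy:
            seen[(client, base)].add(first)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}
```

The lone CDN-style lookup passes the per-query filter but is not reported, because only one unique label is seen under its base domain; tune the thresholds against your own resolver logs before alerting on them.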

Notable characteristics

• While the attackers employ the traditional method of initiating an attack through email, they employ greater caution when choosing the recipient, subject and content. In fact, the profile of the potential recipient is studied, and the mails are then designed to align with the recipient's interests.

• The hackers repeatedly attack the same target using different platforms and continue their efforts until they gain entry. They constantly hop from one victim to another based on higher value, which is another indication of the greed of the group.

• Though the group does steal data, its identity and sources of finance are still in doubt, as is its ultimate objective.

Before we sign off, here is a simple tip that may help: 2-factor authentication on webmail accounts can be a strong way to remain protected from the group.