A new APT Framework named "DarkUniverse" was recently discovered by researchers via tips from a script that was utilized in the NSA breach in 2017 wherein the well-known hacking tools leak 'Lost in Translation' was published by shadow brokers.
Researchers believe that the "DarkUniverse" APT Framework was active in at least 8 years from 2009 until 2017, and the traces show that it's likewise tied with ItaDuke, an actor that utilized PDF exploits for dropping previously unknown malware.
There are various versions of the sample been utilized for this campaign between 2009 to 2017, and the most recent rendition of the malware utilized until 2017. The further examination uncovers that the battle is for the most part utilizing the spear-phishing emails to convey the malware through the weaponized Microsoft Office document attachment.
As indicated by Kaspersky investigate, “DarkUniverse is an interesting example of a full cyber-espionage framework used for at least eight years. The malware contains all the necessary modules for collecting all kinds of information about the user and the infected system and appears to be fully developed from scratch.”
The DarkUniverse campaign is said to gather different sensitive information including Email conversations, files from specific directories, screenshots, information from the Windows registry, sends a file to the C2, credentials from Outlook Express, Outlook, Internet Explorer, Windows Mail and more.
The malicious framework targeted on different nations including Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus and the United Arab Emirates and the victims included both non-military personnel and military associations.
