Deconstructing Mikroceen: Researchers uncover spying backdoor attacking high-profile targets in Central Asia

Next story

The analysis is the result of joint research between ESET and Avast

BRATISLAVA, PRAGUE
 – ESET recently teamed up with Avast to research a widespread and constantly evolving remote access tool (RAT) with the usual backdoor functionality that ESET has dubbed Mikroceen. In the joint analysis, the researchers uncovered Mikroceen being used in espionage attacks against government and business entities (from the telecommunications and gas industries) in Central Asia.

The attackers were able to gain long-term access to affected networks, manipulate files and take screenshots. Victims’ devices could execute various commands delivered remotely from command and control servers.

The researchers investigated the custom implementation of Mikroceen’s client-server model, purpose-built for cyberespionage. “The malware developers put great effort in securing the client-server connection with their victims. Their malware was leveraged ‘in the wild,’ as the operators managed to penetrate high-profile corporate networks. We also saw a larger attack toolset being used and constantly developed, which consisted mainly of variations in obfuscation techniques,” comments Peter Kálnai, who led the ESET arm of the joint research team.

Mikroceen is under constant development, and security researchers have seen it used with backdoor capabilities in various targeted operations since late 2017. Among the tools used by the attackers to move within the infiltrated networks, ESET and Avast researchers also identified Gh0st RAT, an older, yet infamous, RAT created around 2008. There are many similarities between Gh0st RAT and Mikroceen, with the main shift between the projects in securing the connection with a certificate.

For more technical details about Mikroceen, read the blog post Mikroceen: Spying backdoor leveraged in high profile networks in Central Asia on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET is the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedInFacebook, and Twitter.