Leviathan attacks maritime industries and defense contractors

Delaware, USA – October 20, 2017 – The Leviathan hacker group has been engaged in cyber espionage for about three years. Their primary targets are research institutions, as well as defense and naval industries mainly located in the US and Western Europe. Researchers from Proofpoint revealed details of Leviathan’s latest attacks. In the most recent campaigns, attackers sent out emails containing various MS Office documents with malicious macros and infected the victims’ computers by exploiting the CVE-2017-0199 and CVE-2017-8759 vulnerabilities (the latter was added to their arsenal within a few days after it was discovered and described). Using installed backdoors and malware to steal valuable data, the hackers also collected email credentials and used them for lateral movement.

Hackers from the Leviathan group actively monitor newly discovered vulnerabilities and immediately leverage them in their attacks. Patching software immediately after the release of security updates can protect against numerous advanced attacks. To detect vulnerable assets in a timely manner and install the most critical updates on them, you can use CyberView, a platform that significantly simplifies SOC management, improves its efficiency, and allows administrators to receive all necessary information in a few clicks.