Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The previously undiscovered malware represents a missing puzzle piece tied to Turla, a so-called advanced persistent threat disclosed in August. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities.
This article is the first in a series of posts in which I will document some of the false perceptions in IT security. And believe me, there are many. While it is nearly impossible to cover them all, I will certainly attempt to explain as many as my time and energy allow.
When we talk about IT security, we still tend to live with the mindset that our biggest issue is protecting ourselves against future threats. The same thing happens when I attend security conferences or read articles and blog posts; everyone seems to focus on trying to uncover or protect us from the unknown. Almost every security company and a number of researchers are talking about targeted attacks.
Russia poses a serious cyber threat to industrial control systems, pharmaceutical, defense, aviation, and petroleum companies. Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage.
There is nothing quick about studying Russian cyber operations. Beyond understanding the complexities of the malware itself, one must also match up the names of several families of malware, some of which have evolved over time and have had different names, as well as link together the names given to specific groups by a number of private security companies.
The Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products. A new configuration file was found on an infected computer targeting processes used by the respective password management tools.
Citadel, like most widely distributed malware families, is crossing over more and more from the realm of cybercrime to APT-style targeted attacks. New features and a hunger for legitimate credentials make the malware, which is already sitting on hundreds of thousands of machines, particularly dangerous to critical infrastructure, in addition to financial services.
A company that develops cyber security and information security products and services to defend organizations against cyber attacks and to protect critical assets has published a new report and introduced a list of countries most under threat from cyber attack.
APTs are complex attacks by hackers for which complicated techniques are used to sneak into a network and carry out prolonged information gathering attacks. They are often carried out by state-backed players or sophisticated criminals and have an element of human control, in contrast with some cyberattacks solely carried out by an automated piece of code.