Kaspersky Lab has announced the release of malware related to a cyber-espionage campaign. It is based on command-and-control infrastructure and has been named ‘Crouching Yeti’ by the research team. The campaign originated in 2010 and is still targeting users on a daily basis. The malware is part of various advanced persistent threat (APT) campaigns. The lab's studies highlight that its victims are enterprises. The total number of victims encountered is 2,800 around the world.
The users targeted by this malware show that it is interested in attacking enterprises belonging to different sectors. Kaspersky Lab’s experts believe they might be collateral victims, but it might also be reasonable to redefine Crouching Yeti not only as a highly targeted campaign in a very specific area of interest. The organisations attacked by the virus are located in areas like the United States, Spain, Japan, Germany, France, Italy, Turkey, Ireland, Poland and China.
Nicolas Brulez, Principal Security Researcher at Kaspersky Lab, said, “The Energetic Bear was the initial name given to this campaign by CrowdStrike according to their nomenclature. The Bear goes for attribution, and CrowdStrike believes this campaign has a Russian origin. Kaspersky Lab is still investigating all existing leads; however, at the moment there are no strong points in either direction. Also, our analysis demonstrates that the attackers’ global focus is much broader than just power producers. Based on this data, we decided to give a new name to the phenomenon: a Yeti reminds one of a bear, but it has a mysterious origin.”