Over the course of the last year, we detected and analysed several instances of a toolset that was used for targeted espionage. Among the victims were governmental and public institutions, including but not limited to ones focused on economic growth and cooperation.
The malware was targeting countries in Central and Eastern Europe, with a particular focus on the Visegrad Group. The malware also features unique capabilities, available control channels and exfiltration techniques, which also make it interesting from a technical viewpoint.
In our presentation, we will cover the evolution of the malware, analyse its components including techniques used to avoid detection and to bypass firewalls, and reveal clues that may point to its origins.