Another attack on the Bundestag with the Swatbanker banking Trojan in the background

According to the analysis carried out by employees of G DATA SecurityLabs, the cybercriminals last week carried out another attack aimed at testing the security of the German parliament's network. At the moment, it is not known whether this is a completely new hit of hackers, a simple criminal attack or the continuation of the campaign revealed at the end of last month.

The Germans from GDATA detected a series of cyber attacks targeting the Bundestag network between 8 and 10 June. The hackers used for this purpose a new variant of the Swatbanker banking Trojan , and their victims were selected employees and members of the Bundestag. It can not be ruled out that this is a continuation of hacker activities initiated in May this year .

- From our preliminary analyzes, we can assume that the attackers are ordinary criminals who motivate financial goals. However, we can not rule out that this is a kind of a catwalk designed to mislead the trail and to present continuators of attacks from May as ordinary criminals, " says Ralf Benzmüller, head of G DATA SecurityLabs.

What are the consequences of the infection?

Cybercriminals attacked using the new variant of the Swatbanker banking Trojan. Research carried out by G DATA SecurityLabs showed that the virus penetrated the German parliament's Intranet. According to specialists from G DATA, it is likely that the hackers have once again dealt with the security of the antivirus program used by the Bundestag. Computers infected by the Swatbanker Trojan get access to data entered into forms, information about the browser, including the history of websites visited.

Importantly, hackers receive not only access data, but also messages sent by the server.

This is very valuable information that can be used to attack other servers - explains Ralf Benzmüller.

Bank Trojans are able to penetrate deeper and deeper into the computer network, infecting subsequent units. As a result, the number of computers stealing data and transferring malicious software is growing rapidly

The daily Sueddeutsche Zeitung wrote about the May break-ins to the Bundstag. According to German journalists, the whole protection system of the German parliament should be replaced. Security experts believe that Russia is attacking Russia in the early days.

Detailed technical information and analysis of the latest cyber attack on the Bundestag can be found on the blog
https://blog.gdatasoftware.com/blog/article/banking-trojan-has-targeted-bundestag.html

source: G DATA



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.