After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera.
Hacker hack some Georgian news sites and inject "Georbot Botnet" behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams, Scan the local network to identify other hosts on the same network. Malware was also using CVE-2010-0842, CVE-2006-3730, MS06-057 and other unknown vulnerabilities to infect networks.
But finally Researchers from CERT-Georgia trick the mastermind in his own trap by infecting their own PC from Lab, then gave Cyber Attacker Fake ZIP Archive with their own virus inside and the name "Georgian-Nato Agreement". Attacker stole that archive and executed malicious files provide by researchers. That sudden give access of mastermind's computer to investigators. They turn on his camera and took his picture shown below:
Most Georgian Infected computers were from our Governmental Agencies and Critical Information Infrastructures . Main targets of hacker was classified information from Georgia Ministries ,Parliament ,Critical Information Ifrastructures, Banks , NGO’s.
About the author