TL;DR: Kestrel9 commented that Koala means a type of RAT malware that “focuses on aviation, defense, energy, industrial control systems (ICS), and petroleum pipeline operators. Spear phishing, and watering hole attacks are also its initial vectors. It's a tool to fulfill military, or political goals.”
This fits better because in Q's same post he talks about RATs and being vigilant for attacks this month. It also fits better because the word Koala was in the kill box indicating that Koala is an enemy.
Great work, Kestrel9!
Original comment:
kestrel9 2 points (+2|-0) 16 hours ago
RAT https://cromwell-intl.com/cybersecurity/cyberwar/intro.html
The term Remote Access Trojan or RAT was initially popular for describing the advanced threats of the mid 1990s through maybe 2010. The term Advanced Persistent Threat or APT is cited as first being used by USAF Colonel Greg Rattray in 2006; it soon became common for describing precisely targeted threats using advanced techniques and typically lurking unseen for an extended time to extract data, gather intelligence for later attacks, or sabotage systems.
A true APT is very advanced and persistent. They are complex and sophisticated, especially the nation-state-sponsored ones. And they are persistent: analysis has shown that some have been in place undetected for several years.
Koala Team
Energetic Bear, the name CrowdStrike has given the attack group, is also known as Crouching Yeti, by Kaspersky Labs, Koala Team, by iSight Partners, and Dragonfly by Symantec. “This group,” Ms. Jackson-Higgins notes, “focuses on aviation, defense, energy, industrial control systems (ICS), and petroleum pipeline operators. Spear phishing, and watering hole attacks are also its initial vectors. Its main goal,” she adds, “is to remain inside its target network for the long-term.” “This may be the work of a military group pre-positioning itself for a computer network attack as a tool to fulfill military, or political goals. Parallels can be drawn between Energetic Bear and Stuxnet… in terms of its victimology; and, focus on ICS equipment,” Recorded Future said in its report.
November 2014 — Recorded Future reported on Russian governmental cyber-espionage against companies involved in industrial control systems, pharmaceuticals, defense, aviation, and petroleum. They identified Uroburous, Energetic Bear, and APT28 as three main advanced malware families being used by Russia for espionage. They are used in a coordinated fashion — while all three are used aggressively, you seldom find more than one on a target system.
Uroburous was named by GData, Kaspersky calls it Epic Turla, BAE Systems calls it Snake and SnakeNet. It has been around since 2008 and targets governments, embassies, the defence and pharmaceutical industries, and research and education. Kaspersky has analyzed a Linux backdoor component. Also see this analysis.
Energetic Bear was named by CrowdStrike, Kaspersky calls it Crouching Yeti, iSIGHT Partners calls it Koala Team, and Symantec calls it Dragonfly. It targets aviation, defense, energy, industrial control systems and petroleum pipelines.
https://wikileaks.org/hackingteam/emails/emailid/169635
bulrush 1 point (+1|-0) ago (edited ago)
You need the greater than sign, a space, then paste your text. If there is not a blank line between paragraphs, they will all become one paragraph so put a blank line between paragraphs. Begin the second paragraph with > and a space too.
Below my comment above, click the "..." menu, then click "source". It will show you how I did it. Example:
> this will be formatted as a quote
Voat uses markdown for formatting.
grace8 [S] ago
Thanks!