DarkUniverse
Description
(Kaspersky) DarkUniverse is an interesting example of a full cyber-espionage framework used for at least eight years. The malware contains all the necessary modules for collecting all kinds of information about the user and the infected system and appears to be fully developed from scratch. Due to unique code overlaps, we assume with medium confidence that DarkUniverse’s creators were connected with the ItaDuke set of activities. The attackers were resourceful and kept updating their malware during the full lifecycle of their operations, so the observed samples from 2017 are totally different from the initial samples from 2009. The suspension of its operations may be related to the publishing of the ‘Lost in Translation’ leak, or the attackers may simply have decided to switch to more modern approaches and start using more widely available artefacts for their operations.
Names
| Name | Name-Giver |
|---|---|
| DarkUniverse | Kaspersky |
Country
Motivation
- Information theft and espionage
First Seen
2017
Observed Sectors
Observed Countries
Tools
Information
Other Information
Uuid
f5cf306f-3554-4346-8709-96aab00ee577
Last Card Change
2020-04-14