Operation Potao Express

Description

(ESET) We presented our initial findings based on research into the Win32/Potao malware family in June, in our CCCC 2015 presentation in Copenhagen. Today, we are releasing the full whitepaper on the Potao malware with additional findings, the cyberespionage campaigns where it was employed, and its connection to a backdoor in the form of a modified version of the TrueCrypt encryption software.

Like BlackEnergy, the malware used by the so-called Sandworm Team APT group (also known as Iron Viking, Voodoo Bear or Quedagh), Potao is an example of targeted espionage malware directed mostly at targets in Ukraine and a number of other post-Soviet countries, including Russia, Georgia and Belarus.

Names

Name                     Name-Giver
Operation Potao Express  ESET

Country

Motivation

  • Information theft and espionage

First Seen

2015

Observed Countries

Tools

Information

Other Information

Uuid

af56332c-10bb-4e1c-9476-ed39c337f751

Last Card Change

2023-02-15