
MiniDuke hackers now targeting drug dealers as well as government agencies

You may recall the name MiniDuke, a strain of malware which came to light at the start of last year and was used to attack government entities and think-tanks in a number of nations.

Well, somewhat confusingly, the "old-school" hacker crew behind it (now also dubbed MiniDuke, after the original malware) is now using its tooling to pilfer data from a very different target: drug dealers.

The Guardian reports that Kaspersky Labs uncovered details of drug dealers being hit by MiniDuke, after the security firm tracked one of the command and control servers used by the attackers to a website that sold illegal substances including steroids.

While MiniDuke was previously thought to be backed by a nation state, given its focus on government targets, Vitaly Kamluk, principal security researcher at Kaspersky, told the newspaper that he now thinks the crew could feasibly be some sort of "cyber-mercenary" outfit, split into cells and available for hire, and in the drug-dealer case possibly working for the other side, namely law enforcement. But that is just speculation, of course.

All that said, the principal targets for this year still remain government entities, according to Kamluk, who notes that the hackers have been using tools to scan for data on potential targets in Azerbaijan, Ukraine, and Greece.

Furthermore, the group has apparently released a new strain of malware known as CosmicDuke, which infects victims by tricking them into opening a PDF file or a Windows EXE made to look like a document or image. These lure files carry enticing titles which, according to another security firm, F-Secure, contain references to countries including Ukraine, Poland, Turkey, and Russia (one, for example, was on the topic of a Ukrainian gas pipeline).
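The "EXE made to look like a document or image" lure relies on the victim trusting the file name and icon rather than the file's actual contents. As an added triage example (this is not code from the article, F-Secure, or Kaspersky, and the function and file names are invented for illustration), the script below flags three common disguises: a document or image extension followed by an executable one (report.pdf.exe), a right-to-left override character that hides the real extension, and a mismatch between the claimed extension and the file's leading magic bytes (a .jpg whose bytes start with the PE "MZ" header). The magic numbers are the standard ones for those formats; the sample files are constructed inline.

```python
"""Triage check for lure files that disguise an executable as a document or image.

Added example, not part of the original article or of any vendor's tooling.
The file names and byte strings used for demonstration are constructed here.
"""

PE_MAGIC = b"MZ"  # DOS/PE header that every Windows executable starts with

# Leading bytes expected for a given extension (standard magic numbers).
MAGIC_BY_EXT = {
    ".pdf": [b"%PDF"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".exe": [PE_MAGIC],
    ".scr": [PE_MAGIC],
}

# Extensions Windows will execute when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a user reads as "harmless document or picture".
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".jpeg", ".png", ".gif", ".txt"}

RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE, used to reverse the visible name


def classify(name: str, header: bytes) -> list[str]:
    """Return a list of findings for one file, given its name and first bytes.

    An empty list means none of the three disguises was detected.
    """
    findings = []
    parts = name.lower().split(".")
    exts = ["." + p for p in parts[1:]]  # every extension after the first dot
    outer = exts[-1] if exts else ""  # the extension the OS actually honours
    inner = exts[:-1]  # the extensions the user is meant to notice

    # 1. Double extension: document/image extension followed by an executable one.
    if outer in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in inner):
        findings.append(f"double extension: looks like {inner[-1]} but runs as {outer}")

    # 2. RLO trick: "report\u202efdp.exe" is displayed as "reportexe.pdf".
    if RLO in name:
        findings.append("RLO character in filename")

    # 3. Content check: the extension claims a format the bytes do not match.
    expected = MAGIC_BY_EXT.get(outer)
    if expected is not None and not any(header.startswith(m) for m in expected):
        if header.startswith(PE_MAGIC):
            findings.append(f"content is a PE executable but extension is {outer}")
        else:
            findings.append(f"content does not match {outer} signature")

    return findings


def triage(files: dict) -> dict:
    """Run classify() over a mapping of file name -> leading bytes; keep only hits."""
    return {name: hits for name, hits in
            ((n, classify(n, h)) for n, h in files.items()) if hits}


# Constructed sample set (only the first bytes of each file are needed).
SAMPLE_FILES = {
    "Ukraine_gas_pipeline.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3",  # genuine PDF
    "Ukraine_gas_pipeline.pdf.exe": b"MZ\x90\x00\x03\x00",       # double extension
    "meeting_photo.jpg": b"MZ\x90\x00\x03\x00",                  # PE with .jpg name
    "report" + RLO + "fdp.exe": b"MZ\x90\x00\x03\x00",           # RLO-disguised exe
}

if __name__ == "__main__":
    for fname, hits in triage(SAMPLE_FILES).items():
        print(f"{fname!r}: {'; '.join(hits)}")
```

The check is deliberately cheap: it reads only the first few bytes and never executes anything, so it can run on a mail gateway or a quarantine folder. It will not catch an executable delivered under its true .exe name with a document icon, which is the remaining disguise the article mentions; that case needs policy (block unsolicited executables) rather than parsing.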

F-Secure noted that once the lure file is opened, CosmicDuke infects the system and begins collecting data through a whole raft of means, including a "keylogger, clipboard stealer, screenshotter, and password stealers for a variety of popular chat, email and web browsing programs."

MiniDuke has apparently claimed around 140 victims thus far, with the majority in Russia and Georgia, although there have also been 14 victims in the UK, and 34 in the US.