ATK112 (aka ZooPark, as named by Kaspersky) is a group that mostly uses an Android malware family, "UnitMM", which has gone through multiple iterations. The group was first noticed in June 2015 and was still active as of 2018.
The group mostly focuses on espionage and has progressed technically since its debut: while it first used forked commercial software to carry out its operations, it later extended that software into a fully fledged espionage platform.
According to 360 Beaconlab, however, the group purchases its malicious software from a commercial development group nicknamed "Apasec".
The attackers mainly used watering hole attacks as their infection vector: the experts discovered several news websites that had been compromised to redirect visitors to a download site that delivered the final malware.
The group deploys its tools through multiple main vectors: Telegram channels and watering holes.
Indeed, it regularly uses compromised websites in order to gain access to its targets.
The group also started using an exclusive Windows malware, nicknamed "SpecialSaber".