X-Agent: Difference between revisions
Content deleted Content added
LarryStevens (talk | contribs) mNo edit summary |
Does not need to be italicized. |
||
| (16 intermediate revisions by 14 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Malware program}} |
|||
{{DISPLAYTITLE:''X-Agent''}} |
{{DISPLAYTITLE:''X-Agent''}} |
||
{{infobox computer virus |
{{infobox computer virus |
||
| Line 8: | Line 9: | ||
| IsolationDate = |
| IsolationDate = |
||
| Origin = |
| Origin = |
||
| Author = [[Fancy Bear]]<ref name="CrowdStrike">{{cite |
| Author = [[Fancy Bear]]<ref name="CrowdStrike">{{cite news|url=https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/|title=Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units|newspaper=Crowdstrike.com |date=22 December 2016|publisher=CrowdStrike|quote=CrowdStrike associates the use of X-Agent with an actor we call FANCY BEAR. This actor to date is the exclusive operator of the malware}}</ref> |
||
| Ports used = |
| Ports used = |
||
| OSes = [[iOS]], [[Android (operating system)|Android]] |
| OSes = Windows, Linux, [[iOS]], [[Android (operating system)|Android]] |
||
| Filesize = |
| Filesize = |
||
| Language = |
| Language = |
||
}} |
}} |
||
'''X-Agent''' or '''XAgent''' is a spyware and [[malware|malware program]] designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs [[phishing]] attacks and the program is designed to "hop" from device to device.<ref>{{cite web |
|||
| url =http://www.pcworld.com/article/2880152/new-spyware-targets-ios-devices-steals-pictures-and-data.html |
| url =http://www.pcworld.com/article/2880152/new-spyware-targets-ios-devices-steals-pictures-and-data.html |
||
| title =New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones |
| title =New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones |
||
| Line 22: | Line 23: | ||
| date =4 February 2015 |
| date =4 February 2015 |
||
| website =PC World |
| website =PC World |
||
| publisher = |
|||
| access-date =22 July 2016}}</ref><ref> |
| access-date =22 July 2016}}</ref><ref> |
||
{{cite web |
{{cite web |
||
| url = |
| url =https://www.zdnet.com/article/ios-spyware-steals-texts-photos-contacts-switches-on-voice-recorder/ |
||
| title =iOS spyware steals texts, photos, contacts, switches on voice recorder |
| title =iOS spyware steals texts, photos, contacts, switches on voice recorder |
||
| last =Ranger |
| last =Ranger |
||
| Line 31: | Line 31: | ||
| date =6 February 2015 |
| date =6 February 2015 |
||
| website =ZD Net |
| website =ZD Net |
||
| publisher = |
|||
| access-date =22 July 2016}}</ref><ref> |
| access-date =22 July 2016}}</ref><ref> |
||
{{cite web |
{{cite web |
||
| url =http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/ |
| url =http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/ |
||
| title =Pawn Storm Update: iOS Espionage App Found |
| title =Pawn Storm Update: iOS Espionage App Found |
||
| last = |
|||
| first = |
|||
| date =4 February 2015 |
| date =4 February 2015 |
||
| website =Trend Micro |
| website =Trend Micro |
||
| ⚫ | }}</ref> In 2016, [[CrowdStrike]] identified an [[Android (operating system)|Android]] variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control [[122 mm howitzer 2A18 (D-30)|D-30 Howitzer]] artillery.<ref name="CrowdStrike"/> The [[Ukrainian army]] denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".<ref>{{cite news |url=http://en.interfax.com.ua/news/general/395186.html |title=Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software |agency=[[Interfax-Ukraine]] |date=January 6, 2017}}</ref> |
||
| publisher = |
|||
| ⚫ | |||
Slovak computer security company [[ESET]] obtained the X-Agent source code in 2015 and described its inner workings in a report released in October 2016.<ref>{{Cite web|url=https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf|title=En Route with Sednit|last=ESET|date=October 2016|website=www.welivesecurity.com|access-date=December 21, 2017}}</ref> |
|||
| ⚫ | A Washington, DC grand jury indictment (resulting from Robert Mueller's investigation into Russian election interference) charges that agents of the Russian GRU in Moscow "developed, customized and monitored X-Agent malware used to hack the DCCC and DNC networks beginning in or around April 2016" (item 15, at the end of page 4 and the beginning of page 5). |
||
| ⚫ | A Washington, DC grand jury indictment (resulting from Robert Mueller's investigation into Russian election interference) charges that agents of the Russian GRU in Moscow "developed, customized and monitored X-Agent malware used to hack the DCCC [Democratic Congressional Campaign Committee] and DNC [Democratic National Committee] networks beginning in or around April 2016" (item 15, at the end of page 4 and the beginning of page 5).<ref>{{cite wikisource|title=U.S. v. Viktor Borisovich Netyksho, et al|last=Mueller|first=Robert|authorlink=Robert Mueller|date=2018|pages=4-5|wspages=4|scan=Page:Netyksho_et_al_indictment.pdf/4}}</ref> |
||
==References== |
==References== |
||
| Line 56: | Line 51: | ||
[[Category:IOS software]] |
[[Category:IOS software]] |
||
[[Category:Android (operating system)]] |
[[Category:Android (operating system)]] |
||
| ⚫ | |||
| ⚫ | |||
Latest revision as of 12:34, 14 July 2024
| X-Agent | |
|---|---|
| Type | Spyware |
| Authors | Fancy Bear[1] |
| Technical details | |
| Platform | Windows, Linux, iOS, Android |
X-Agent or XAgent is a spyware and malware program designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs phishing attacks and the program is designed to "hop" from device to device.[2][3][4] In 2016, CrowdStrike identified an Android variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control D-30 Howitzer artillery.[1] The Ukrainian army denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".[5]
Slovak computer security company ESET obtained the X-Agent source code in 2015 and described its inner workings in a report released in October 2016.[6]
A Washington, DC grand jury indictment (resulting from Robert Mueller's investigation into Russian election interference) charges that agents of the Russian GRU in Moscow "developed, customized and monitored X-Agent malware used to hack the DCCC [Democratic Congressional Campaign Committee] and DNC [Democratic National Committee] networks beginning in or around April 2016" (item 15, at the end of page 4 and the beginning of page 5).[7]
References
[edit]- ^ a b "Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units". Crowdstrike.com. CrowdStrike. 22 December 2016.
CrowdStrike associates the use of X-Agent with an actor we call FANCY BEAR. This actor to date is the exclusive operator of the malware
- ^ Williams, Martyn (4 February 2015). "New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones". PC World. Retrieved 22 July 2016.
- ^ Ranger, Steve (6 February 2015). "iOS spyware steals texts, photos, contacts, switches on voice recorder". ZD Net. Retrieved 22 July 2016.
- ^ "Pawn Storm Update: iOS Espionage App Found". Trend Micro. 4 February 2015.
- ^ "Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software". Interfax-Ukraine. January 6, 2017.
- ^ ESET (October 2016). "En Route with Sednit" (PDF). www.welivesecurity.com. Retrieved December 21, 2017.
- ^ Mueller, Robert (2018). . pp. – via Wikisource. [scan
]
 | This malware-related article is a stub. You can help Wikipedia by expanding it. |