PseudoManuscrypt Spyware Targets Enterprises and ICS
The PseudoManuscrypt Spyware is a new malicious implant that has been active since the start of 2021. This threat is likely to be the product of an Advanced Persistent Threat (APT) group. It resembles the infamous Manuscrypt malware used by the Lazarus hackers. However, there is no indication that the two threats are the product of the same developers. The PseudoManuscrypt Spyware has been used in highly targeted attacks against government bodies and industrial control systems (ICS).
Needless to say, industrial organizations are the preferred target of highly advanced threat actors, since their networks are ideal for gathering intelligence or for financial gain. One of the worrisome facts about this particular malware is that it was discovered on over 35,000 computers spread across 195 countries. The global scope of the PseudoManuscrypt Spyware attack shows that the criminals behind it are not new to the scene and that they have the expertise and experience to launch an attack of this level.
Due to the diverse profiles of their targets, the criminals appear to rely on a wide range of delivery techniques for their payloads. Notably, many victims were infiltrated through pirated software installers, including cracked copies of ICS-specific programs. Meanwhile, other networks had the PseudoManuscrypt Spyware dropped on them following a previous infiltration via the Glupteba botnet. The spyware is able to log keystrokes, grab VPN credentials, capture screenshots, and steal clipboard data. The goal of the PseudoManuscrypt Spyware is assumed to be industrial espionage, but the criminals could easily switch to a different goal if they wished to, thanks to the malware's rich features.