A hacking campaign dubbed "WhiteBear" targeted embassies and consulates in Europe, Asia and South America last year before moving on to defense targets, researchers at the Moscow-based Kaspersky Labs recently reported.
The toolset used in the attack is believed to belong to the "Russian-speaking Turla APT [Advanced Persistent Threat]," one of the most "elite" hacking groups around, a blog post from Kaspersky Labs said Wednesday.
Kaspersky said in another post that the malware appeared to take aim at diplomatic targets from February to September 2016 before shifting to "defense-related organizations," with activity continuing into June of this year.
"The exact delivery vector for WhiteBear components is unknown to us, although we have very strong suspicion the group spearphished targets with malicious pdf files," says Kaspersky's report, which includes a screenshot of a suspected "decoy" PDF file posing as a legitimate memo from Turkmenistan's Ministry of Foreign Affairs.
Kaspersky suspects WhiteBear to be the work of the Turla APT group, which it describes as one of the oldest, most sophisticated hacking groups in existence -- and one whose targets have included sensitive American government entities. Only one other APT, the suspected NSA-linked Equation Group, has been operating for as long, Kaspersky said.
Kaspersky Labs has itself been the subject of much speculation of late. The FBI has reportedly been investigating the company due to its alleged ties with Russian intelligence. The firm's founder, Eugene Kaspersky, has denied any wrongdoing and offered up the source code for his software to assuage any suspicion.
Primary Source: Kaspersky WhiteBear Report