“Poetry Group” Hackers Use Citadel to Target Government Offices Worldwide

McAfee has published a report which details the group's activity

Figure: Geographical distribution of Poetry Group victims
Security firm McAfee has published a report entitled “Inside the World of the Citadel Trojan,” focusing on the activities of a cybercriminal gang dubbed the “Poetry Group.”

This particular collective’s work is interesting because they’ve “shifted tactics to use Citadel in ways other than what it was originally intended for.”

The figures that characterize the Poetry Group are impressive. Since October 2012, they’ve launched over half a dozen malicious campaigns, infecting more than 1,000 computers worldwide.

While this might not seem such a big number, the victims are mostly government offices.

Poland and Denmark appear to be the most targeted, followed by Japan. Other victims have been spotted in Sweden, Spain, the Netherlands, Estonia, Switzerland and the Czech Republic.

The group’s name stems from the fact that they embed strings of poetry (some from Shakespeare) into the malware’s binary.

McAfee believes that the gang might be the byproduct of a for-hire data-gathering operation for a private clientele.

The complete report is available here.
