LURK – The Story about Five Years of Activity

Lurk was active solely in Russia from late 2011, but the technologies the group used became noticeable only when they appeared on the "world market" years later. We were able to track the group's activity despite low detection rates by AV vendors.

We will comment on the activity of the group over five years, showing its methods, tactics and many high-profile victims (mostly what we call intermediate victims) whose sites were used for malware distribution. The list of victims includes high-profile news agencies (up to 1 million unique visitors per day) and even domains in the government sector.

We coordinated our efforts with victims and CERTs and can share both the successful and the unsuccessful steps taken to mitigate this group's attacks. The group was arrested in June, and we should be able to document the impact of the arrests on exploit kit activity.

Vladimir Kropotov

Vladimir recently joined the Trend Micro FTR team. Active for over 15 years in information security projects and research, he previously built and led incident response teams at several Fortune 500 companies, was head of the Incident Response Team at Positive Technologies from 2014, and holds a university degree in applied mathematics and information security. He participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, botnet and cybercrime investigations. Vladimir regularly appears at high-profile international conferences such as FIRST, CARO, HITB, Hack.lu, PHDays, ZeroNights, POC, Hitcon, and many others.

Fyodor Yarochkin

Fyodor is a researcher at Academia Sinica and a Ph.D. candidate at EE, National Taiwan University. He is an early Snort developer, an open source evangelist and a "happy" programmer. Fyodor's professional experience includes several years as a threat analyst at Armorize and over eight years as an information security analyst responding to network security breaches and conducting remote network security assessments and network intrusion tests for the majority of regional banking, finance, semiconductor and telecommunication organisations. Fyodor is an active member of the local security community and has spoken at a number of conferences regionally and globally.