Bitdefender says that Netrepser is a previously undocumented malware campaign: an intelligence collection programme aimed at a specific set of (foreign) government IP addresses.
It adds that cyber espionage groups do not necessarily need to invest large amounts of money in powerful malware. A well-patched and well-maintained system would have prevented this incursion.
Bogdan Botezatu, senior e-threat analyst at Bitdefender, says: "Netrepser is stitched together with freeware utilities to carry a complex job through to completion. This is the exact opposite of the complex, targeted malware frameworks, the military-grade APTs, we have seen recently."
The controversy stems from the fact that the Nirsoft applications it uses are legitimate utilities: they recover cached passwords or monitor network traffic through powerful command-line interfaces that can be instructed to run completely covertly, which is exactly what makes them useful to an attacker.
What is different is that the Netrepser operators seem to have access to inside information, which they use to construct socially engineered phishing emails with a better chance of being opened: the messages reference employees, exit interviews and other internal matters.
Once a system is infected, the malware could also be used by other groups to "game the system", but its purpose seems to be primarily to exfiltrate confidential data: it locates administrator logins and passwords, performs a forensic inspection of the host, collects system information and logs keystrokes.
After the exfiltration, the attackers have a kill switch that cleans up and removes evidence of their involvement.
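The detection angle that follows from the three paragraphs above (legitimate Nirsoft utilities driven silently from the command line, delivered by a phishing document, used to harvest stored passwords) is to watch process-creation telemetry for those tools rather than for a particular binary hash. The script below is an added example for this article, not Bitdefender's code and not a published Netrepser indicator. It assumes Sysmon-style process-creation events with Image, OriginalFileName, CommandLine and ParentImage fields; the tool names it lists are representative NirSoft password-recovery utilities (the article does not name the ones abused), and the /stext, /shtml, /sverhtml, /sxml, /scomma and /stab switches are those tools' standard "write results to a file, show no window" options. The sample events are constructed, not real telemetry.

```python
"""Detection sketch for covert use of NirSoft password-recovery tools.

Added example for this article; not Bitdefender's code and not a published
Netrepser indicator. Assumptions (not from the article):
 - the host produces Sysmon-style process-creation events with Image,
   OriginalFileName, CommandLine and ParentImage fields;
 - the utility names below are representative NirSoft tools (the article
   does not name the ones abused);
 - /stext, /shtml, /sverhtml, /sxml, /scomma and /stab are the tools'
   standard "write results to a file, show no window" switches.
"""
import re
from typing import Dict, List, Optional

# Representative NirSoft password-recovery utilities (assumed list, lower-case).
NIRSOFT_TOOLS = {
    "webbrowserpassview.exe",
    "mailpv.exe",
    "netpass.exe",
    "wirelesskeyview.exe",
    "dialupass.exe",
    "mspass.exe",
}

# Output switches that run the tools headless and write results to a file.
SILENT_SWITCH = re.compile(
    r"(?:^|\s)/s(?:text|html|verhtml|xml|comma|tab)\b", re.IGNORECASE
)

# Parents that point at a document-borne dropper, e.g. a phishing attachment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def _basename(path: str) -> str:
    """Last path component, lower-cased, tolerating either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding for one process-creation event, or None if clean."""
    original = event.get("OriginalFileName", "").lower()
    image = _basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    parent = _basename(event.get("ParentImage", ""))

    # Match on the PE's OriginalFileName as well as the on-disk name, so a
    # renamed copy of the tool is still caught.
    if original not in NIRSOFT_TOOLS and image not in NIRSOFT_TOOLS:
        return None

    reasons: List[str] = ["nirsoft-password-tool"]
    if SILENT_SWITCH.search(cmdline):
        reasons.append("silent-output-switch")
    if original in NIRSOFT_TOOLS and image != original:
        reasons.append("renamed-binary")
    if parent in OFFICE_PARENTS:
        reasons.append("office-parent")

    # One reason is an admin running the tool by hand; several together
    # look like the covert, document-delivered use the article describes.
    severity = {1: "low", 2: "medium"}.get(len(reasons), "high")
    return {"image": event.get("Image", ""), "severity": severity, "reasons": reasons}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run score_event over a batch and keep only the findings."""
    return [f for f in (score_event(e) for e in events) if f is not None]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # Normal browser start: not a NirSoft tool, ignored.
        "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "OriginalFileName": "chrome.exe",
        "CommandLine": "chrome.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # Admin runs the tool interactively: worth a look, but low severity.
        "Image": r"C:\Users\admin\Downloads\WebBrowserPassView.exe",
        "OriginalFileName": "WebBrowserPassView.exe",
        "CommandLine": "WebBrowserPassView.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # Renamed copy, headless dump to a temp file, spawned by Word.
        "Image": r"C:\Users\jdoe\AppData\Local\Temp\svchst.exe",
        "OriginalFileName": "WebBrowserPassView.exe",
        "CommandLine": r'svchst.exe /stext "C:\Users\jdoe\AppData\Local\Temp\b.txt"',
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    },
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["image"], ", ".join(finding["reasons"]))
```

Keying on OriginalFileName rather than the on-disk name is the part that matters in practice: the utilities are freeware, so an attacker has no reason to modify the binaries, and a renamed but otherwise unchanged copy still carries its version-resource name. The silent output switch is the second strong signal, because an interactive user of these tools has no reason to dump results to a file in a temp directory.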
Bitdefender says it is releasing information on this campaign to help organisations that operate in potentially sensitive sectors better understand the impact of such malware.