Introduction
In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulnerabilities are associated with an advanced threat actor we call Animal Farm. Over the past few years, Animal Farm has targeted a wide range of global organizations. The group has been active since at least 2009 and there are signs that earlier malware versions were developed as far back as 2007.
Activities and Tactics
Targeted Sectors: Government, Private sector
Country of Origin: 🇫🇷 France
Risk Level: High
Incident Type: Espionage
Suspected Victims: Syria, United States, Netherlands, Russia, Spain, Iran, China, Germany, Algeria, Norway…
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Back Orifice
- Back Orifice 2000
- CyberGate
- Cyber Eye RAT
- Archelaus Beta
- Babar:
- Bunny:
- Dino:
- Casper:
- Tafacalou:
- NBot:
- Chocopop:
Attribution and Evidence
Country of Origin: France
Additional attribution information pending cataloguing.
References
References pending cataloguing.