• Evidence that PetyaWrap is from a Russia-linked hacking group “TeleBots”

    Posted on June 30, 2017 at 17:51 CDT by Comment in the Forums

    Interesting tweet stream from Catalin Cimpanu.

    He connects the dots and, based on a report from ESET, deduces that PetyaWrap comes from a hacking organization known as TeleBots, which targeted the US before 2015, and the Ukraine after 2015.

    ESET now confirms Telebots hacked MEDoc and installed a backdoor

    which apparently was used to seed PetyaWrap.

    That doesn’t explain all of the PetyaWrap infections, but it does explain the best-known infection vector.

    In addition, Dan Goodin has more evidence on Ars Technica that the people behind PetyaWrap got the leaked NSA code weeks before Shadow Brokers released it to the world. Dan calls it an “unproven theory” but it’s a interesting one.

    Thx @Kirsty

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.