
Kaspersky Lab provides updates on ‘Crouching Yeti’ threat group

Kaspersky Lab has released new information on the threat group referred to as “Crouching Yeti” that it initially wrote about in July 2014.

As of March 4, “we successfully monitored 69 C2 servers (unique domains), receiving hits from 3699 victims (unique IDs of the Trojan/backdoor) connecting from 57796 different IP addresses,” according to a Tuesday post. “We gathered four additional C2s since the publication of the first report (65 in the last report).”

The most widely used trojan is Havex with 3,375 unique victims, followed by Sysmain with 314 unique victims and ClientX with 10 unique victims. Previously, the majority of victims were in the U.S., but now Spain, Poland and Greece top the country distribution list.

Havex victims are primarily using Windows XP, and a smaller number are using Windows 7, according to the post.
