
Researchers observe ‘Animal Farm’ group using variety of malware

Kaspersky Lab on Friday posted about an advanced threat actor – dubbed ‘Animal Farm’ – that has been active since at least 2009 and has been observed exploiting zero-day vulnerabilities.

Kaspersky Lab observed Animal Farm using tools known as Bunny, Dino, Babar, NBot, Tafacalou and Casper to compromise targets in Syria, Iran and Malaysia. Victims were additionally identified in the U.S., China, Turkey and a variety of other locations.

The group has targeted government organizations, military contractors, humanitarian aid organizations, private companies, journalists and media groups, and activists, according to the post, which credits Cyphort, G-DATA and ESET with their own individual research on the group.

Citing documents leaked by Edward Snowden and published by Der Spiegel in January, the posts noted that a French intelligence agency is suspected of carrying out the operations.
