Banking Trojan has targeted Bundestag

06/15/2015
G DATA Blog

After the initial reports on the attacks on the Bundestag (German Federal Parliament), variants of the Swatbanker family are now putting the Bundestag's intranet on a watch list. The operators of the botnet are apparently trying to steal access data and server responses associated with this site. It is not clear whether this is a new attack or whether the same attackers who were active in May have expanded their pattern of attack.

Since the first reports of the attacks on the Bundestag, we have been searching for clues as to the initiators, but as yet there have been no hints as to the origin. Now experts at G DATA have discovered that a group using the Swatbanker banking Trojan has had its eyes on the Bundestag. Swatbanker is also known under the name Geodo and is a successor to Cridex, alias Feodo.

Analysis of the configuration files

Continuation or new start?