The ColoredLambert malware family is the best-known creation of the Longhorn hacking group, which is also referred to as The Lamberts after this malware family. The group's activity is believed to trace back to 2008. It tends to go after high-profile targets only: its main targets are government bodies, as well as various companies operating in the automotive, healthcare and telecommunications fields.
The Malware Family
The ColoredLambert malware family was given its name because the threats it contains are all color-coded. Each hacking tool in the ColoredLambert family is represented by a different color, and most of them serve different purposes:
- Black Lambert – This threat was the first one spotted by malware researchers. It serves as a backdoor Trojan that connects to a C&C (Command & Control) server and retrieves commands on how to carry out the attack. Backdoors that reach out to their C&C in this way are referred to as active backdoors.
- White Lambert – This is another backdoor Trojan, but it operates in a manner that is rather different from the Black Lambert. Instead of actively retrieving instructions from the C&C server, it waits for the C&C to contact it and deliver the commands. This is known as a passive backdoor.
- Blue Lambert – Malware researchers have not determined with any certainty what the purpose of this threat is. It appears to be used in combination with the Black Lambert, and some speculate that it may be used as a backup backdoor if the attackers do not manage to execute the Black Lambert backdoor successfully.
- Green Lambert – This tool appears to be an outdated variant of the Blue Lambert. This backdoor Trojan, however, seems to be compatible with the OSX operating system.
- Pink Lambert – This seems to be the most complex tool in the ColoredLambert family. It consists of several modules, which make it very flexible. The threat can be used for espionage purposes; its components include a USB stealer and a custom-developed framework that allows the attackers to build unique, cross-platform malware capable of running on Windows, OSX and Linux.
- Grey Lambert – This tool seems to be an upgraded variant of the Pink Lambert. It operates more quietly and processes data faster.
Malware researchers speculate that the Longhorn hacking group may be a state-sponsored actor: its targets are always very high-profile, which suggests that the group is doing the bidding of a government.