KOMPROGO Description

One main actor, the infamous hacking group OceanLotus, also dubbed APT32 (APT stands for Advanced Persistent Threat), has been terrorizing government institutions, media companies, and businesses in South East Asia. OceanLotus has a large arsenal of hacking tools, among them the KOMPROGO backdoor Trojan, which the group uses rather often in its campaigns. One of the more notable attacks involving the KOMPROGO malware took place in 2016, when the OceanLotus group targeted a Filipino private business and employed the KOMPROGO Trojan.
The KOMPROGO Trojan can determine whether the system it has infiltrated is a sandbox, an environment used for debugging malware. This self-preservation technique is part of the capabilities of the KOMPROGO malware.

The KOMPROGO Trojan gains persistence by manipulating the Windows Registry, which ensures that the threat is relaunched with every reboot of the infiltrated machine. The KOMPROGO malware is capable of collecting data about the hardware and software of the compromised machine, identifying and managing running processes, browsing and modifying the files present on the computer, running and using the Windows Command Prompt, and modifying the Windows Registry.

This list may seem somewhat limited compared to other similar threats. However, it is likely that the KOMPROGO malware is only a first-stage malware in what could be a much larger campaign. It can also be used successfully for espionage operations.

For now, the KOMPROGO Trojan runs only on Windows machines, but cybersecurity experts have found evidence that OceanLotus may be working on a variant of this threat that will be compatible with OS X systems too. The OceanLotus hacking group is relentless in its attacks and in the constant updates to its arsenal of tools. It is crucial that businesses and organizations take their online safety seriously and train their employees to avoid risky behavior online, as one wrong click may end up costing the business a fortune.