Saturday, 21 February 2026

ESET is today issuing an analysis on Operation Potao Express, the cyberespionage group behind the Win32/Potao malware family.

Potao is an example of targeted espionage (APT) malware detected mostly in Ukraine and a number of other CIS countries, including Russia, Georgia and Belarus.

Among the victims that ESET was able to identify, the most notable high-value targets include Ukrainian government and military entities and one of the major Ukrainian news agencies. The malware was also used to spy on members of MMM, a financial pyramid scheme popular in Russia and Ukraine. One of the most interesting discoveries during ESET’s Potao investigation and research was the connection to a Russian version of the now discontinued popular open-source encryption software, TrueCrypt. The website truecryptrussia.ru has been serving a Russian language localized version of the TrueCrypt application that also contains a backdoor, in some specific cases. The trojanized version of the application is only served to selected victims which is another indicator of targeting by the malware operators and also one the reasons why the backdoor has gone unnoticed for such a long time. In addition to serving trojanised TrueCrypt, the domain also acted as a C&C server for the backdoor. The connection to Potao lies in the fact that Win32/Potao has been downloaded in a few cases by Win32/FakeTC (ESET detection name of the trojanized encryption software).

InfoSecurity
Posted On

Using Lock & Key, organisations can enhance their security strategies by requiring a second factor of authentication for storage administrators to gain access to storage systems. By using their access credentials and an encrypted, tamper-resistant, industry-leading IronKey™ secure storage device,administrators will be able to access a secure management user interface for one or more of Imation’s Nexsan Assureon storage systems no matter where they are. Lock & Key solutions are easily deployed in plug-and-play fashion, and can be centrally controlled and administered by anyone in an organisation’s IT team who has the required access privileges.

Industry News
Posted On

  1. Bromium threat report identifies security risks of popular websites and software
  2. Disjointed technologies biggest threat facing UK IT Security Pros
  3. Tripwire finds security flaws in popular Smart Home Hubs
  4. Why chrome extensions will not defeat behavioural profiling used to prevent fraud
  5. PALFINGER records significant revenue growth and exceptionally high increase in earnings
  6. BSIA invites nominations for 2016 Security Personnel Awards
  7. Hilary Clinton emails included classified information
  8. BSIA releases public sector Guide on Information Destruction
  9. New York Magazine suffers likely DDoS attack
  10. AlienVault announces availability of updated open threat exchange
  11. BeyondTrust introduces first commercial least privilege solution for Apple Desktops in the enterprise
  12. Cult of celebrity reaches the gun world
  13. Digital Guardian publishes 'From No to Know'
  14. Free mobile app helps integrators work more efficiently and reduce service costs
  15. Bonhams antique arms and armour sales hit £1 million border



Be a Beacon of Hope in the World

 



Scorpion News Corp

Nigeria Watch International

To expose official corruption in Nigeria, re-orientate the psyche of Nigerians and usher in the Nigerian renaissance

SIA Logo

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

 

About Vigilance

Vigilance is the brain child of a group of veteran journalists and international scholars who have worked in the mainstream media and distinguished themselves nationally and internationally before veering into security practice.

Who's Online

We have 435 guests and no members online

Search