
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Lambert

Names: Lambert, Plexor
Category: Malware
Type: Info stealer
Description: From the start, Symantec suspected Longhorn was an outlier, saying it appeared to be different from other potential cybercrime groups. That assessment was based in part on Longhorn using a zero-day software exploit, which Symantec found embedded within a Microsoft Word document. The exploit delivered a data-stealing tool called Plexor.

'The malware had all the hallmarks of a sophisticated cyberespionage group,' Symantec writes. 'Aside from access to zero-day exploits, the group had preconfigured Plexor with elements that indicated prior knowledge of the target environment.'
Information:
<https://www.bankinfosecurity.com/symantec-links-longhorn-group-to-cia-hacking-files-a-9824>
<https://securelist.com/blog/research/77990/unraveling-the-lamberts-toolkit/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.lambert>

Last change to this tool card: 14 May 2020


All groups using tool Lambert

Changed | Name | Country | Observed

APT groups

X | ↳ Subgroup: Longhorn, The Lamberts | USA | 2009
  | Equation Group | USA | 2001-Aug 2016 | X

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
