XAgent: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 16:33, 5 January 2025 editJalenBarks (talk \| contribs)Extended confirmed users, Page movers, Rollbackers103,621 editsm Reverted edit by Dw258 (talk) to last version by WikishovelTags: New redirect Rollback Reverted← Previous edit		Revision as of 19:06, 5 January 2025 edit undoRsjaffe (talk \| contribs)Administrators56,296 edits Copyvio revdel completed (RR)Tags: Removed redirect RevertedNext edit →
Line 1:		Line 1:
			{{Short description\|Malware program}}
	#REDIRECT ]

	{{R from alternate spelling}}
			{{DISPLAYTITLE:''X-Agent''}}
	{{copyvio-revdel\|url= https://usanews. com/newsroom/XAgent_AI_Unveils_XAgent_LLM_Revolutionizing_Bidding_in_30T_Global_Procurement_Market \|start1=1267537710}}
			{{infobox computer virus
			\|Fullname=''X-Agent''\|Common name=\|Classification=\|Type=Spyware\|Subtype=\|IsolationDate=\|Origin=\|Author=]<ref name="CrowdStrike">{{cite news\|url=https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/\|title=Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units\|newspaper=Crowdstrike.com \|date=22 December 2016\|publisher=CrowdStrike\|quote=CrowdStrike associates the use of X-Agent with an actor we call FANCY BEAR. This actor to date is the exclusive operator of the malware}}</ref>\|Ports used=\|OSes=Windows, Linux, ], ]\|Filesize=\|Language=}}

			'''X-Agent''' or '''XAgent''' is a spyware and ] designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs ] attacks and the program is designed to "hop" from device to device.<ref>{{cite web \|last=Williams \|first=Martyn \|date=4 February 2015 \|title=New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones \|url=http://www.pcworld.com/article/2880152/new-spyware-targets-ios-devices-steals-pictures-and-data.html \|access-date=22 July 2016 \|website=PC World}}</ref><ref>
			{{cite web \|last=Ranger \|first=Steve \|date=6 February 2015 \|title=iOS spyware steals texts, photos, contacts, switches on voice recorder \|url=https://www.zdnet.com/article/ios-spyware-steals-texts-photos-contacts-switches-on-voice-recorder/ \|access-date=22 July 2016 \|website=ZD Net}}</ref><ref>
			{{cite web \|date=4 February 2015 \|title=Pawn Storm Update: iOS Espionage App Found \|url=http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/ \|website=Trend Micro}}</ref> In 2016, ] identified an ] variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control ] artillery.<ref name="CrowdStrike" /> The ] denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".<ref>{{cite news \|date=January 6, 2017 \|title=Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software \|url=http://en.interfax.com.ua/news/general/395186.html \|agency=]}}</ref>

			Slovak computer security company ] obtained the X-Agent source code in 2015 and described its inner workings in a report released in October 2016.<ref>{{Cite web \|last=ESET \|date=October 2016 \|title=En Route with Sednit \|url=https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf \|access-date=December 21, 2017 \|website=www.welivesecurity.com}}</ref>

			A Washington, DC grand jury indictment (resulting from Robert Mueller's investigation into Russian election interference) charges that agents of the Russian GRU in Moscow "developed, customized and monitored X-Agent malware used to hack the DCCC and DNC networks beginning in or around April 2016" (item 15, at the end of page 4 and the beginning of page 5).<ref>{{cite wikisource\|title=U.S. v. Viktor Borisovich Netyksho, et al\|date=2018\|first=Robert\|last=Mueller\|authorlink=Robert Mueller\|wspages=4\|pages=4-5\|scan=Page:Netyksho_et_al_indictment.pdf/4}}</ref>

			== References ==
			{{reflist}}

			{{Hacking in the 2010s}}
			]
			]
			]
			]


			{{malware-stub}}

Revision as of 19:06, 5 January 2025

Malware program

XAgent
Type	Spyware
Authors	Fancy Bear
Technical details
Platform	Windows, Linux, iOS, Android

X-Agent or XAgent is a spyware and malware program designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs phishing attacks and the program is designed to "hop" from device to device. In 2016, CrowdStrike identified an Android variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control D-30 Howitzer artillery. The Ukrainian army denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".

Slovak computer security company ESET obtained the X-Agent source code in 2015 and described its inner workings in a report released in October 2016.

A Washington, DC grand jury indictment (resulting from Robert Mueller's investigation into Russian election interference) charges that agents of the Russian GRU in Moscow "developed, customized and monitored X-Agent malware used to hack the DCCC and DNC networks beginning in or around April 2016" (item 15, at the end of page 4 and the beginning of page 5).

References

^ "Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units". Crowdstrike.com. CrowdStrike. 22 December 2016. CrowdStrike associates the use of X-Agent with an actor we call FANCY BEAR. This actor to date is the exclusive operator of the malware
Williams, Martyn (4 February 2015). "New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones". PC World. Retrieved 22 July 2016.
Ranger, Steve (6 February 2015). "iOS spyware steals texts, photos, contacts, switches on voice recorder". ZD Net. Retrieved 22 July 2016.
"Pawn Storm Update: iOS Espionage App Found". Trend Micro. 4 February 2015.
"Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software". Interfax-Ukraine. January 6, 2017.
ESET (October 2016). "En Route with Sednit" (PDF). www.welivesecurity.com. Retrieved December 21, 2017.
Mueller, Robert (2018). U.S. v. Viktor Borisovich Netyksho, et al . pp. 4-5 – via Wikisource.

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach HackingTeam Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Advanced
persistent threats

Individuals

Major vulnerabilities
publicly disclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

This malware-related article is a stub. You can help Misplaced Pages by expanding it.

Categories: