Advanced Agent Tesla: Revealing Cybercriminals’ Actions and Identification
Check Point Reveals Cybercriminal Activities Linked to Agent Tesla
Check Point has conducted a study of the malware known as Agent Tesla, exposing the actions of cybercriminals from the “Bignosa” and “Gods” groups.
Agent Tesla – Advanced Remote Access Trojan
Agent Tesla is an advanced Remote Access Trojan (RAT) specializing in stealing information from infected machines. The campaign associated with this malicious software targeted mainly organizations in the USA and Australia, starting on November 7, 2023.
Methods of Spreading Agent Tesla
The cybercriminals, operating under the aliases “Bignosa” and “Gods,” spread Agent Tesla mainly through spam emails disguised as business proposals. They also used a tool called Cassandra Protector to conceal the malicious code, increasing the chance of successful infiltration.
Identification of Perpetrators and Their Collaboration
Check Point revealed the hackers’ identities – “Bignosa” was identified as Nosahare Godson from Kenya, while “Gods” was identified as Kingsley Fredrick from Nigeria. Initially, it was believed that there was a mentor-student relationship between them, but further discoveries indicate a closer collaboration as a group.
Online Traces and Collaboration with Law Enforcement
The cybercriminals left numerous digital traces online, allowing researchers at Check Point to discover their identities. The company is currently collaborating with law enforcement agencies, which may lead to official charges and arrests of the perpetrators.
Cybersecurity Recommendations
Check Point’s study emphasizes the need for a vigilant approach to cybersecurity and for using digital trace analysis to identify threats. It recommends regularly updating operating systems and applications and exercising caution with unexpected emails to minimize the risk of infection by malicious software such as Agent Tesla.