Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Government ministries, diplomatic missions and space-related state agencies in Russia, Kazakhstan and Vietnam have become victims of a targeted attack.
Up to 1465 computers in more than 60 countries were infected with malware in the attacks, researchers say.
It was unknown if sensitive data was stolen although researchers say attempts were made.
The attacks, dubbed Lurid, contained known malware and a custom toolkit used previously in attacks againt the US Government, researchers at Trend Micro said.
It exploited Adobe Reader vulnerabilities and malware embedded as *.rar compressed screensavers.
Attacks were controlled through a network of 15 domain names, 10 active IP addresses and unique identifiers embedded in malware.
Trend Micro security research director Rik Ferguson said the malware sent stolen information from compromised computers to the command and control network over HTTP POST.
“As is frequently the case, it is difficult to say for certain who is behind this series of attacks as it is easy to manipulate artefacts, such as IP addresses and domain name registration, to mislead researchers into believing that a particular entity is responsible,” Ferguson said.
The attacks come on the heels of a similar campaign dubbed ShadyRAT, discovered and named by McAfee. Critics of that research said the attacks were unsophisticated botnets.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.