Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Cyber-Espionage Campaign Hits Government Sites in Asia, Eastern Europe

    By
    Fahmida Y. Rashid
    -
    September 23, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Researchers have uncovered a series of cyber-attacks targeting government agencies and research institutions around the world. But unlike recent high-profile incidents, China has not been blamed.

      Attackers targeted 47 victims including space-related government agencies, diplomatic missions, research institutions and companies located in 61 countries, including Russia, India, Mongolia, Vietnam and the Commonwealth of Independent States (former Soviet Union countries), Trend Micro researchers wrote in a Sept. 22 blog. Trend Micro classified the attack as an advanced persistent threat and said a total of 1,465 computers had been targeted, including the ones belonging to the Russian Federal Space Agency.

      Dubbed “Lurid,” these attacks do not appear be very different from other recent stealth cyber-campaigns, such as Shady RAT, Aurora and Night Dragon. Employees received malicious emails designed to exploit vulnerabilities in unpatched software, most often Adobe Reader and Microsoft Office, wrote David Sancho and Nart Villeneuve, senior threat researchers at Trend Micro.

      The malicious attachments did not always rely upon zero-day vulnerabilities, but used older, reliable exploits going as far back as 2009. The zero-days were saved for “hardened targets,” but Trend Micro has not yet come across those emails.

      “In total, the attackers used a command and control network of 15 domain names associated with the attackers and 10 active IP addresses to maintain persistent control over the 1,465 victims,” Sancho and Villeneuve wrote.

      The Enfal malware family has been used to attack government and non-governmental organizations in the United States working with the Tibetan community in the past. However, there appear to be no direct links between this particular attack and the previous ones, Sancho and Villeneuve wrote.

      The attacks appear to have started in August 2010 and the malicious emails were sent in “waves.” Logfiles intercepted by Trend Micro identified at least 301 waves of discrete mail campaigns because each malware sent back a “marker” to the C&C servers to identify itself. A little over half, or 59 percent, were directed toward unique hosts. Once one machine had been compromised inside an organization, the attackers used it as a jumping-off point to infect other machines on the network.

      One version of the malware installed itself as a Windows service and the other version added itself to the Windows start-up routine. The malware also allowed attackers to gain shell access to issue a variety of commands on the compromised system.

      In the Lurid campaign, once a system was compromised, attackers used the “Enfal” downloader Trojan to steal spreadsheets, documents and other information. Enfal has been around since at least 2006, but it is not commonly sold on underground criminal forums.

      Stolen documents were uploaded to Websites hosted on command-and-control servers located in the United States and the United Kingdom. This doesn’t mean the attackers were based in the United States or UK as attackers can hide their tracks by compromising servers anywhere in the world and using tools such as virtual private networks (VPN) to mislead investigators. In recent cyber-attacks, such as “Shady RAT,” China was often blamed just because the command-and-control servers appeared to be based in China.

      Trend Micro has gained access to the logfiles on the c&c server but did not access the server directly. Nor has it discovered the actual stolen files. A non-governmental organization working on Tibet-related projects submitted the initial malware to Trend Micro for analysis in March.

      Trend Micro has notified the Federal Bureau of Investigation and the Metropolitan Police Central eCrime Unit.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×