Feeds

Cyberspy attacks targeting Russians traced back to UK and US

Re-writing the script

Providing a secure and efficient Helpdesk

Security researchers at Trend Micro have discovered a sophisticated cyberspy network geared towards attacking systems in Russia and neighbouring countries.

Cyberespionage efforts against either human rights activists or high-tech Western firms have been going on for a few years. Examples include the Operation Aurora attacks against Google and more recent attempts to hack into the networks of defence contractors such as Lockheed Martin and Mitsubishi Heavy Industries.

Many of these attacks are blamed on China, an accusation the country routinely denies, in part by arguing that it is a victim rather than a perpetrator of such attacks.

The so-called Lurid attacks identified by Trend Micro have hit 47 victims including diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in 61 different countries. But what really sets the attacks apart is that most of the victims are in Russia, Kazakhstan and Vietnam instead of the US or Western Europe. Curiously the common servers running the attack are located in the UK and US.

The Lurid Downloader (AKA Enfal Trojans) that features in the attack has previously been used against Western victims and the Tibetan community. This time around the malware is been pushed towards potential victims using either booby-trapped Adobe files or .RAR archive files containing Trojan code that poses as a screensaver. The attack relies of well-known vulnerabilities, one of which dates back to 2009, rather than zero-day attacks.

Infected systems phone home to command-and-control servers and upload particular documents and spreadsheets. Although Trend does not have access to the contents of files, it has determined the type of data beamed back to base in the more than 1,400 files extracted in the attacks.

"Although our research didn’t reveal precisely which data was being targeted by the attackers, we were able to determine that, in some cases, they attempted to steal specific documents and spreadsheets," writes Trend Micro researcher Nart Villeneuve.

Rik Ferguson, director of security research & communication EMEA at Trend Micro, told El Reg that some of the affected sites used Trend Micro's technology, which helped detect the attack. subsequent detective work led researchers back to two command and control servers, hosted by different ISPs (one in the US and one in the UK). Beyond saying the attack was likely to be motivated by cyberespionage, rather than profit, Ferguson was reluctant to speculate on who might be behind the attack or their motives. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.