Feeds

Cyberspy attacks targeting Russians traced back to UK and US

Re-writing the script

The essential guide to IT transformation

Security researchers at Trend Micro have discovered a sophisticated cyberspy network geared towards attacking systems in Russia and neighbouring countries.

Cyberespionage efforts against either human rights activists or high-tech Western firms have been going on for a few years. Examples include the Operation Aurora attacks against Google and more recent attempts to hack into the networks of defence contractors such as Lockheed Martin and Mitsubishi Heavy Industries.

Many of these attacks are blamed on China, an accusation the country routinely denies, in part by arguing that it is a victim rather than a perpetrator of such attacks.

The so-called Lurid attacks identified by Trend Micro have hit 47 victims including diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in 61 different countries. But what really sets the attacks apart is that most of the victims are in Russia, Kazakhstan and Vietnam instead of the US or Western Europe. Curiously the common servers running the attack are located in the UK and US.

The Lurid Downloader (AKA Enfal Trojans) that features in the attack has previously been used against Western victims and the Tibetan community. This time around the malware is been pushed towards potential victims using either booby-trapped Adobe files or .RAR archive files containing Trojan code that poses as a screensaver. The attack relies of well-known vulnerabilities, one of which dates back to 2009, rather than zero-day attacks.

Infected systems phone home to command-and-control servers and upload particular documents and spreadsheets. Although Trend does not have access to the contents of files, it has determined the type of data beamed back to base in the more than 1,400 files extracted in the attacks.

"Although our research didn’t reveal precisely which data was being targeted by the attackers, we were able to determine that, in some cases, they attempted to steal specific documents and spreadsheets," writes Trend Micro researcher Nart Villeneuve.

Rik Ferguson, director of security research & communication EMEA at Trend Micro, told El Reg that some of the affected sites used Trend Micro's technology, which helped detect the attack. subsequent detective work led researchers back to two command and control servers, hosted by different ISPs (one in the US and one in the UK). Beyond saying the attack was likely to be motivated by cyberespionage, rather than profit, Ferguson was reluctant to speculate on who might be behind the attack or their motives. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.