Feeds

Oil and gas giants' PCs polluted by new cyber-spy Trojan

Advanced Persistent Threat 'Mirage' group is back

5 things you didn’t know about cloud backup

Hackers bent on espionage have infiltrated a large oil company in the Philippines, an energy biz in Canada and a military organisation in Taiwan among others, claim researchers.

The crooks also targeted other as yet unidentified businesses in Brazil, Israel, Egypt and Nigeria, according to the preliminary results of a probe by Dell SecureWorks. The researchers have been tracking the hackers' so-called Mirage campaign for about five months since April.

Secureworks reckons the group behind these latest attempts to obtain company secrets are the same miscreants who launched attacks against a Vietnamese petroleum firm and others in February in the so-called Sin Digoo affair. Email addresses linked to command servers associated with the Mirage campaign also emerged in the Sin Digoo op.

"This indicates that either the actors behind both the Sin Digoo Affair and Mirage APT [Advanced Persistent Threat] campaigns are the same person, or they are working within the same hacker group," the Dell SecureWorks team concluded in a report.

One of the people behind the Sin Digoo campaign previously ran a blackhat search engine optimisation business, which uses shady techniques to boost clients' websites up search rankings. And the malware used to infect corporate machines in the Mirage espionage disguises its connections to the hackers' server as harmless Google search queries. It pulls off this trick by crafting HTTP requests that look like typical lookup requests to Google's search engine frontend. Targeted emails containing booby-trapped attachments are used to push inject the Mirage Trojan onto Microsoft Windows PCs.

Victims are simply tricked into executing the files, at which point the malicious software installs itself and phones home with the specifications of the infected computer. It is not immediately clear exactly what kind of data is stolen by the spying software. Some variants of the worm include a line from The Matrix: "Neo, welcome to the desert of the real." Another variant includes a lyric from the REM song It's the end of the world as we know it.

The IP addresses of the systems used by hackers to remotely control Mirage-infected machines belong to the China Beijing Province Network (AS4808), as did three of the IP addresses used in the Sin Digoo campaign. "AS4808 is known for many other connections to malware and is considered by some to be a hotbed of espionage C2s [command and control servers]," SecureWorks concludes.

More details on the espionage campaign can be found on the SecureWorks website. ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?