Feeds

Fifteen countries KO'd in malware one-two punch

Snakes follow scouts as high value targets become snack food

Providing a secure and efficient Helpdesk

Someone suspected to be backed by a nation state is attacking embassies of former soviet states with a malware tool that has infiltrated networks across more than 15 countries.

Hacked embassies of unnamed former soviet states include those located in: France; Belgium; Ukraine; China; Jordan; Greece; Kazakhstan; Armenia; Poland, and Germany.

Suspected nation state attackers sent previously known but capable malware to staff at the embassies to establish a foothold for reconnaissance in a bid to locate valuable human targets, according to Symantec researchers.

Infection began like many targeted campaigns through infection of various websites likely to be visited by embassy staff -- a tactic known as watering hole attacks. Malware was only foisted on users visiting from specific internet protocol addresses.

At least 84 websites have been turned into watering holes.

If the Wipbot or Tavdig malware foisted on embassy computers to establish a network foothold returned interesting and high profile targets, the unnamed actors would distribute the more complex malware known variously as Turla, Uroboros, Snake, or Carbon.

"In one instance, the malware delivered was disguised as a Shockwave installer bundle," researchers said.

"Wipbot was then used to gather further information about the infected computer. If the attackers deemed the victim of interest, it appears likely that a second back door Trojan.Turla with far greater capabilities was downloaded on to the victim’s computer."

Attackers based somewhere in the UTC +4 time zone have popped scores of embassy computers since 2012 and those in the Prime Minister's department of an unnamed former soviet nation.

Other government department offices including The Ministry of Health of a Western country, Education department of a Central American nation, and an energy authority in a Middle Eastern state. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.