Intelligence Sector Hit by a Targeted Attack
January 22nd, 2010 admin

We just blogged about a highly targeted attack against military contractors. Now we have seen one against the intelligence sector.

This attack was done with a PDF file. Again. It was targeting the CVE-2009-4324 vulnerability. Again.

When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this:

What really happens in the background? Just like last time, the exploit code drops a backdoor in a file called Updater.exe (md5: 02420bb8fd8258f8afd4e01029b7a2b0).

Now, what is the document talking about? President’s day? DNI Information Sharing Environment? We don’t know, but a quick web search …















