Tuesday, September 27, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
AMD Brings The Power Of Polaris To Embedded With New Radeon E9260 and E9550 GPUs
Toshiba Introduces the Value-oriented OCZ TL100 SATA SSD Series
Xiaomi Mi 5S Plus Guns for Apple
Samsung Says Global Replacement Program for Galaxy Note7 Has Made Progress
NXP Says New ARM Cortex-A7 Processor Is The Industry's Lowest Power
YouTube Go App Lets You Watch Videos Offline
Disney Working On Potential Twitter Bid: report
World's Largest Music Strem Ripping Site Faces Legal Action
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Cyber A...
Last 7 Days News : SU MO TU WE TH FR SA All News

Wednesday, February 27, 2013
Cyber Attack Targets Nato, Government Websites


Security researchers have identified an ongoing cyber-espionage campaign that compromised computers belonging to government organizations, research institutes.

The unknown malware exploits an exploited a 0-day vulnerability in Adobe Reader and was named 'Miniduke' by Kaspersky Labs and CrySyS Lab, who discovered the new threat. Adobe said a software patch issued last week should protect users from "MiniDuke" providing they downloaded it.

To compromise the victims, the attackers used effective social engineering techniques which involved sending malicious PDF documents to their targets. According to Kaspersky Labs, the PDFs were highly relevant and well-crafted content that fabricated human rights seminar information (ASEM) and Ukraine's foreign policy and NATO membership plans. These malicious PDF files were rigged with exploits attacking Adobe Reader versions 9, 10 and 11, bypassing its sandbox.

Here is how it works: Once the system is exploited, a very small downloader is dropped onto the victim's hard disk. This downloader is unique per system and contains a customized backdoor written in Assembler. When loaded at system boot, the downloader uses a set of mathematical calculations to determine the computer's unique fingerprint, and in turn uses this data to uniquely encrypt its communications later.

If the target system meets the pre-defined requirements, the malware will use Twitter and start looking for specific tweets from pre-made accounts. These accounts were created by MiniDuke?s Command and Control (C2) operators and the tweets maintain specific tags labeling encrypted URLs for the backdoors.

These URLs provide access to the C2s, which then provide potential commands and encrypted transfers of additional backdoors onto the system via GIF files.

Once the infected system locates the C2, it receives encrypted backdoors that are obfuscated within GIF files and disguised as pictures that appear on a victim's machine.

Once they are downloaded to the machine, they can fetch a larger backdoor which carries out the cyberespionage activities, through functions such as copy file, move file, remove file, make directory, kill process and of course, download and execute new malware and lateral movement tools.

The final stage backdoor connects to two servers, one in Panama and one in Turkey to receive the instructions from the attackers.

By analysing the logs from the command servers, researchers at Kaspersky Labs have observed 59 unique victims in 23 countries:

Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Germany, Hungary, Ireland, Israel, Japan, Latvia, Lebanon, Lithuania, Montenegro, Portugal, Romania, Russian Federation, Slovenia, Spain, Turkey, Ukraine, United Kingdom and United States.

Nato has not officially confirmed its servers were attacked. The security researchers also declined to further elaborate on the targets' identities.


Previous
Next
Sony To Sell Tokyo Office Building for $1.2 Billion        All News        Freescale Introduces The World's Smallest ARM Microcontroller
Sony To Sell Tokyo Office Building for $1.2 Billion     General Computing News      Google Will Not Open Retail Stores

Get RSS feed Easy Print E-Mail this Message

Related News
Millions Of Android Devices Infected With Chinese Malware
'GODLESS' Android Mobile Malware Uses Multiple Exploits to Root Devices
Fraunhofer SIT Finds Vulnerabilities in Android Security Apps
ESET Discovers New Self-protecting USB Trojan
Video Malware Attack Spreads Across Websites
Malware Attacks Non-jailbroken Apple iOS Devices
F-Secure Identifies Malware Family Linked To Russian State-backed Cyber-espionage
Android Ransomware Can Change Your Mobile's PIN Code
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Researchers Identify New iOS Vulnerability
WireLurker Malware Targets Apple Devices

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .