According to Trend Micro, the attacks covered by its investigation were used to infect computers in businesses, governments and other organizations in over a hundred countries around the world.
Security researchers from Trend Micro have discovered a cyber espionage operation that has so far compromised computers belonging to government departments, technology companies, media outlets, academic research institutions and non-governmental organizations in more than 100 countries. The operation, which Trend Micro calls SafeNet, lures potential victims with phishing emails carrying malicious attachments. Researchers at the security company dissected how the operation works and published their findings in a paper.
Their investigation revealed that the operation relies on two groups of command and control (C&C) servers that appear to run two separate attack campaigns with different targets, while distributing the same malware. In the first campaign, the phishing emails had Tibet and Mongolia as their subject and carried a .doc attachment that exploits a vulnerability in Microsoft Word patched in April 2012. According to the C&C server logs collected by Trend Micro, 243 computers, each with a unique IP address, from 11 different countries were infected. However, the researchers found that only three IP addresses, located in Mongolia and South Sudan, were still active at the time of the investigation.
India and the United States leading victims
The logs of the C&C servers used for the second attack campaign recorded 11,563 unique IP addresses from 116 countries. But, according to researchers at Trend Micro, the actual number of victims is probably much lower. "On average, 71 victims were actively communicating with a given command and control for the IP server," they said. The emails used for the second series of attacks have not been identified, but the campaign appears to be broader, with victims who are more geographically dispersed. The top five countries among the victims are India, the United States, China, Pakistan, the Philippines and Russia.
The malware installed on infected computers is primarily intended to steal information, but its functionality can be extended with additional modules. On the command and control servers, the researchers found individual plug-in components and ready-to-use programs that can extract passwords saved in Internet Explorer and Mozilla Firefox, as well as Remote Desktop Protocol credentials stored on Windows servers. "It is always difficult to know the intentions and the identity of the attackers. However, we can say that the SafeNet malware campaign has been developed by a professional software engineer and can be linked to cybercrime groups located in China," said the document issued by Trend Micro. The researchers add the following: "Everyone has been formed in a technology university in the country and seems to have had access to the source code repository of a business Internet service."
The IP addresses used to communicate with the C&C servers were located in several countries, but mainly in China and Hong Kong, the researchers note. "The attacks also use the VPN and proxy tools like Tor, which is the geographical diversity of IP addresses."