Tibet Organization Victimized through Targeted Attacks
Alien Vault has reported a wide range of spear phishing attacks launched against a Tibetan organization, apparently by a Chinese organization, according to HELP NET SECURITY on March 14, 2012.
It is supposed that these attacks originated from the same group of Chinese hackers that launched the 'Nitro' attacks against chemical and defense companies in 2011, and that they are aimed at both spying on the organization and stealing sensitive information about its activities and supporters.
The Nitro attacks were known for their complexity and for successfully attacking at least 100 major servers, using a backdoor malware called Poison Ivy and Remote Access Tools (RATs).
According to Alien Vault, the attacks begin with a simple spear phishing campaign that uses a malicious PDF to exploit a known Microsoft vulnerability. The content of the phishing e-mail relates to the Kalachakra Initiation, a Tibetan religious festival held in January 2012.
On analysis, the malware was found to be a variant of Ghost RAT (remote access Trojan), a kind of software that facilitates anything from stealing documents to turning on a victim's computer microphone.
According to the Labs Head, Jaime Blasco, the spear phishing e-mails are less complicated and carry a Microsoft .DOC attachment that uses well-known Office stack overflow vulnerabilities dating back to last September and patched by Microsoft, according to the news published in HELP NET SECURITY on March 14, 2012.
The quality of these spear phishing attacks is such that their fingerprints are the same as those of previous infection attacks dating back several years.
To add an element of authenticity, the malware is also digitally signed, although the certificate is legitimate as the source authority would not be there, added Blasco. VirusTotal, a service that provides free online inspection of viruses across up to 44 IT security applications and displays even the hidden steps, indicated that the infections were detected by two vendors during the attacks.
» SPAMfighter News - 22-03-2012