Prominent Cyber Espionage Outbreak Attacks Government Agencies, Services and Others
According to a report recently released by security company RSA, a major cyber espionage campaign compromised computers belonging to almost 1,000 enterprises, non-profit organizations and government agencies through semi-personalized attacks known as waterhole attacks, with the aim of infecting PCs in sectors such as defense, utilities and global finance, as well as government contractors.
The campaign, which RSA named VOHO, hijacked websites whose visitors were concentrated around Washington D.C. and Boston, or whose visitors sought particular kinds of information, such as education, defense and political activism. When RSA analyzed the attacks, it found that over 32,000 computers were redirected to a different destination when they accessed the hijacked web servers, and 12 percent of those computers were infected with malicious software, commonly called malware.
This method of attack is called the "waterhole" tactic. Attackers identify websites that their intended targets are likely to visit, then hijack those sites with software designed to redirect visitors to a different server, which delivers malware to the victims' PCs.
Anybody visiting one of the hijacked sites was silently redirected to a curling site, according to RSA; KrebsonSecurity.com says it was torontocurling.com. That site then attempted to exploit either a Microsoft XML Core Services vulnerability or a then-zero-day Java flaw. Once a machine was infected, the Gh0st Remote Access Tool (RAT) would connect to command-and-control (C&C) infrastructure hosted on either the 220.127.116.11 IP address or the 18.104.22.168 IP address, RSA stated.
Attackers have also used the Gh0st RAT in other countries. Like any common botnet malware, it intercepts keystrokes, remotely operates microphones and webcams, searches local files, executes malicious software, and downloads as well as exfiltrates files.
Moreover, the attackers behind the VOHO campaign use some of the same techniques and software that were used in the Aurora attack, which hacked into Intel, Adobe and Google during 2010. However, according to RSA, that doesn't imply that the same perpetrators are behind both campaigns.
» SPAMfighter News - 06-10-2012