‘Operation Clandestine Fox’ Changes Tools of Attack and Vectors to Trap Victims
Security firm FireEye is cautioning that the cybercriminal gang behind the targeted attack campaign "Operation Clandestine Fox" is now employing different methods and tools to increase its likelihood of breaking into a victim's network.
The security vendor first found the group in April 2014, when it discovered zero-day exploits targeting Internet Explorer versions 9 through 11.
Infosecurity-magazine.com published news on 11th June, 2014 quoting the security vendor as saying "they are very capable at lateral movement and are hard to track because they don't reuse command and control (C&C) infrastructure."
A few days later FireEye revealed that a new version of the Clandestine Fox campaign was aimed at unsupported Windows XP machines running IE8, but Microsoft reacted fast and released an emergency fix for those users.
The security firm reveals through a post on Tuesday (10th June, 2014) that the cyber crooks are now blending social media with email-based social engineering tactics to trick users into downloading attachments that contain malware.
Investigators of FireEye focused on one specific worker of an energy firm and noted that a contact named "Emily" had become friends with him on social media.
The targeted employee confirmed that "Emily" had contacted him through a popular social network and, after messaging for three weeks, "she" sent her "resume" as a ".rar" archive to his personal email address.
The archive contained a PDF of her resume along with a malicious version of TTCalc, an open-source calculator. When executed, it installed a benign copy of the calculator but slipped a backdoor onto the computer.
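The lure described above, a document bundled with a trojanised executable inside an archive, is exactly the pattern a mail-gateway attachment policy should catch. The following is an added example, not code from the article or from FireEye; it uses a ZIP built in memory as a stand-in for the RAR in the report (Python's standard library has no RAR reader), and the member names and contents are constructed.

```python
import io
import zipfile

# Extensions a "resume" archive is expected to contain, and extensions that should never be there.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".txt", ".rtf"}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd"}


def looks_like_pe(data: bytes) -> bool:
    """True if the bytes start with the DOS 'MZ' stub every Windows PE executable carries."""
    return data[:2] == b"MZ"


def scan_archive(blob: bytes) -> dict:
    """List archive members by class: documents, executables by extension,
    and executables disguised behind a document extension (checked by content)."""
    findings = {"documents": [], "executables": [], "disguised": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            with zf.open(info) as member:
                head = member.read(2)
            if ext in EXECUTABLE_EXTS:
                findings["executables"].append(name)
            elif looks_like_pe(head):
                findings["disguised"].append(name)
            elif ext in DOCUMENT_EXTS:
                findings["documents"].append(name)
    return findings


def verdict(findings: dict) -> str:
    """Policy: any executable content in an inbound resume archive is blocked."""
    if findings["disguised"]:
        return "block: executable content behind a document extension"
    if findings["executables"] and findings["documents"]:
        return "block: executable bundled alongside documents"
    if findings["executables"]:
        return "block: executable attachment"
    return "allow"


def build_sample() -> bytes:
    """Constructed sample mimicking the reported lure: a PDF plus a calculator binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Emily_resume.pdf", b"%PDF-1.4\n% constructed placeholder\n")
        zf.writestr("ttcalc.exe", b"MZ" + b"\x00" * 62)  # PE stub only, not a real program
    return buf.getvalue()


if __name__ == "__main__":
    found = scan_archive(build_sample())
    print(found, verdict(found))
```

The content check matters because renaming the binary to end in ".pdf" would defeat an extension-only rule but not the "MZ" test.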
V3.co.uk published news on 11th June, 2014 quoting Jason Steer, Director of Technology Strategy at FireEye, as saying: "We recommend businesses take a variety of defensive steps to protect themselves from future social media-based hack attacks, which include deleting doubtful emails from unknown people without opening them and employing long passwords without sharing them across multiple accounts."
"Operation Clandestine Fox" is one of several hacker campaigns discovered in the past few months. CrowdStrike discovered a 'Putter Panda' hack operation spying on high-tech businesses involved in the space, aerospace and telecom industries during the first week of June 2014.
» SPAMfighter News - 18-06-2014