Petrochemical Firms Being Attacked by Citadel Malware

Security firm IBM Trusteer says that the malicious Citadel financial banking Trojan is being redesigned from the base of massively distributed botnets to attack petrochemical companies in the Middle East.

IBM Trusteer said that the attacks happened within last few months who discovered redesigned versions of Citadel on the network of the company. The revamped Citadel attacked URLs like webmail of companies and waits for the user to land on the particular URL before it started recording credentials and send them to a central server. The attackers had legitimate access to employee or contractor emails from there and could send and read messages and seek deeper access to the victim's networks to start phishing campaigns.

The analysis stated that the companies targeted by Citadel included "one of the largest sellers of petrochemical products in Middle East and a regional supplier of raw petrochemical materials."

Arstechnica.com published news on 17th September, 2014 quoting Dana Tamir, Director of Enterprise Security of IBM Trusteer, as saying "The attack reveals that both cybercriminals are trying to steal valuable industrial secrets or industrial and nation-state spies are using off-the-shelf malware and infections to collect sensitive information".

She says: "We are observing a trend where these programs are no more committed to just steal money or do financial fraud but can easily be turned into superior tools to attack specific companies and infiltrate their systems".

Threatpost.com published news on 16th September, 2014 quoting Tamir as saying "Financial malware began as man-in-the-browser attacks with a keylogger and some other basic abilities which have become more advanced over the years. These trojans are highly elusive and can bypass detection controls. Secondly, these trojans are distributed massively through campaigns of phishing, malvertising, drive-by downloads and other methods to infect maximum machines. We are finding them at almost every organization."

McAfee also shed light on this trend in early 2013 - hackers using data-stealing Trojan like Citadel to extract information from manufacturing firms, government agencies and other industries which provide significant support to the economy.

Trusteer did not disclose the identity of companies affected by the malware and the attackers behind this particular campaign have still not been identified.

» SPAMfighter News - 9/24/2014