G-20 themed emails deliver spying malware to EU, Canadian officials
Posted on 27.08.2013
The upcoming G-20 summit, scheduled to be held in Russia next month, is being used as a lure by multiple cyber espionage groups, some of which have been tracked to China, warn Rapid7 researchers.

As the date of the start of the summit approaches, the number of G-20 themed attacks has been slowly increasing, and the targets are mostly people inside government and financial institutions.

One of these groups - dubbed Calc Team or APT-12 - has been tied to the recent New York Times hack, but it has been attacking government agencies, financial institutions and defense contractors for several years now.

Their modus operandi consists of sending an email (G-20 themed, in this case) that carries malware inside a Zip archive. The malware contacts different domains that resolve to the same IP address. The attackers are not relying on an exploit for the malware to be run, but are counting on the victims being intrigued enough to open the file themselves.

Once they do that, two legitimate decoy PDF files are opened to allay any suspicion the victims might have.


In the background, an initial dropper tries to download and execute additional malware and starts to log the victims' keystrokes.
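Because the delivery described above relies on the recipient opening a file from a Zip archive rather than on an exploit, a mail gateway can inspect archive contents before delivery. The following is an added example, not code from Rapid7 or from the original article; the function names, the extension list and the sample file names are assumptions, and the sample archive is constructed.

```python
import io
import zipfile

# Content headers of formats that run when opened on Windows (not exhaustive).
EXEC_MAGIC = {b"MZ": "PE executable"}
# Extensions that execute on open; an assumed list for this sketch, extend as needed.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".cpl", ".lnk", ".js", ".vbs")


def risky_members(zip_bytes, max_members=1000):
    """Return [(member_name, reason)] for archive members that would execute
    if opened, judged by content header first and by file extension second."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable zip")]
    findings = []
    with archive:
        for info in archive.infolist()[:max_members]:
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 set means the member is encrypted
                findings.append((info.filename, "encrypted member, cannot inspect"))
                continue
            with archive.open(info) as fh:
                head = fh.read(2)
            if head in EXEC_MAGIC:
                findings.append((info.filename, EXEC_MAGIC[head]))
            elif info.filename.lower().endswith(EXEC_EXT):
                findings.append((info.filename, "executable extension"))
    return findings


def build_sample(members):
    """Build a constructed in-memory zip from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({
        "document_a.pdf": b"%PDF-1.4 constructed benign content",
        "document_b.exe": b"MZ" + b"\x00" * 62,  # constructed header bytes only
    })
    for name, reason in risky_members(sample):
        print(name, "->", reason)
```

Checking the content header as well as the extension means a renamed executable is still flagged, and encrypted members are reported rather than silently passed.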

Judging by the countries from which random users uploaded the suspected malware to VirusTotal and the subjects of the spear-phishing emails, the group is currently targeting Canadian, EU and Hungarian officials.

"Unfortunately we have no visibility into the result of the attacks and whether the operators managed to be successful, but it's remarkable that despite the high profile of the average target of these espionage operations, the tactics and tools adopted are not as sophisticated as one would expect," the researchers note.

"As also pointed out by FireEye, the creators of the malware seem to be actively changing things around in order to avoid detection by network defense layers, which combined with the lack of exploitation involved, it leaves a large responsibility on the targeted user to be able to recognize the social engineering attempt and isolate the attack."









Copyright 1998-2014 by Help Net Security.