Thursday, 16 April 2015

Target Cyber Espionage Strikes Back With Backdoor

An organization that was the target of an attack by cyber spies have beaten back with its own attack to infect the cyber spies. Researchers from the Russian anti-virus firm Kaspersky Lab saw several emails from a known group called Naikon espionage, which is very active mainly in Asia. The group sends documents from a three year old vulnerability in Microsoft Office use to infect computers.

One of the targets, however, sent an e-mail back to the attackers to confirm the authenticity of the message. The attackers left them know that it was a legitimate message that they had to send. The target responded again with a second e-mail, provide a RAR file. The RAR file containing several documents, but also an SCR file. This proved to be a backdoor which could take over the target computer cyber spies.

Further research from Kaspersky Lab revealed that the target was in fact a group of cyber spies, who was named Hellsing.This group focuses on targets in Malaysia, the Philippines and Indonesia. Countries where the Group operates Naikon. The Hellsing group was unknown to Kaspersky Lab, but could be discovered thanks to the remarkable communication with other espionage group.

Internet users who want to protect against these types of attacks are advised not to open attachments from strangers, be careful with password protected archive files that contain SCR or other executable files and keep all software up to date. In case users do not trust, they can choose to open the attachment in a sandbox.

No comments:

Post a Comment