Data Loss mailing list archives

Russian space, telecom industries targeted by espionage
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Tue, 11 Dec 2012 20:24:59 -0500

http://www.scmagazine.com/russian-space-telecom-industries-targeted-by-espionage/article/272193/

A number of Russian industries are facing the wrath of
sophisticated malware designed to siphon sensitive data, according to
security firm FireEye.

Researchers Alex Lanstein and Ali Islam said in a Monday blog post
that employees working at organizations representing the Russian
space, information, education and telecommunications industries have
been hit by socially engineered emails containing exploits.

The attacks, which are believed to have originated in Korea, used as
their lure a legitimate Microsoft Word document, which launches once
the exploit is "successful," the researchers said.

"One thing that is true in nearly all targeted attacks is that there
is an aspect baked in which the cyber criminal gives the victim a
decoy document," Lanstein and Islam wrote. "As a result, the victim is
dissuaded from calling the computer help desk, thinking he/she got
[a] legitimate document. This attack is no different."

What makes the campaign unique is that the purveyors don't seem
interested in hiding their stolen data, which includes credentials, as
well as information about where victims are located. The fraudsters
set up their command-and-control center to run on a public Korean
message board, the researchers said.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
