Security firm Trend Micro has discovered a web of advanced, persistent, targeted attacks which have compromised 1,465 computers in 61 countries.
The attacks use the “Lurid Downloader”, often referred to as Enfal, which is a well-known malware family. The toolkit cannot be purchased on the open black hat market but has been used in the past to target US organisations.
Trend Micro said that it has been able to identify 47 victims so far and these include diplomatic missions, government ministries, space-related government agencies and other companies and research institutions – which hints at a nation state being behind the Lurid attacks. Servers running the attack appear to be located in the UK and US, Trend Micro’s Rik Ferguson told The Register.
Reporting in the Trend Micro blog, senior threat researchers David Sancho and Nart Villeneuve wrote: “As is frequently the case, it is difficult to ascertain who is behind this series of attacks because it is easy to manipulate artefacts, e.g. IP addresses and domain name registration, in order to mislead researchers into believing that a particular entity is responsible.
“Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets,” they concluded.
The current wave of exploits mirrors the Operation Aurora cyber-attack on Google and other companies which, for Google, lasted several months in 2009 and gave rise to the name Advanced Persistent Threats (APTs). Adobe Systems, Juniper Networks and Rackspace publicly confirmed being targeted. According to reports in the press, Yahoo, Symantec, Northrop Grumman, Dupont, Morgan Stanley and Dow Chemical were also targeted.
According to McAfee, which first publicised Aurora, the aim was to gain access to source code repositories at these high-tech, security and defence contractor companies.
Uncovering such attacks is a vital part of security researchers' work because it gives a better understanding of the challenges that defence systems face.
“Defensive strategies can be dramatically improved by understanding how targeted malware attacks work as well as trends in the tools, tactics and procedures of the threat actors behind such attacks. By effectively using threat intelligence derived from external and internal sources combined with security tools that empower human analysts, organisations are better positioned to detect and mitigate such targeted attacks,” Trend Micro said.