UK And US Link For Lurid Storm Of Cyber-Attacks

Security firm Trend Micro has discovered a web of advanced, persistent, targeted attacks which have compromised 1,465 computers in 61 countries.

The attacks use the “Lurid Downloader”, often referred to as Enfal, which is a well-known malware family. The toolkit cannot be purchased on the open black hat market but has been used in the past to target US organisations.

Shades Of The Cold War

In the current wave of attacks, the main targets are in Russia, Kazakhstan and Vietnam, with some former Soviet Union states (the Commonwealth of Independent States) also under attack. India and Mongolia also saw some Lurid activity.

Trend Micro said that it has been able to identify 47 victims so far and these include diplomatic missions, government ministries, space-related government agencies and other companies and research institutions – which hints at a nation state being behind the Lurid attacks. Servers running the attack appear to be located in the UK and US, Trend Micro’s Rik Ferguson told The Register.

Reporting in the Trend Micro blog, senior threat researchers David Sancho and Nart Villeneuve wrote: “As is frequently the case, it is difficult to ascertain who is behind this series of attacks because it is easy to manipulate artefacts, e.g. IP addresses and domain name registration, in order to mislead researchers into believing that a particular entity is responsible.

“Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets,” they concluded.

The current wave of exploits mirrors the Operation Aurora cyber-attack on Google and other companies which, for Google, lasted several months in 2009 and gave rise to the name Advanced Persistent Threats (APTs). Adobe Systems, Juniper Networks and Rackspace publicly confirmed being targeted. According to reports in the press, Yahoo, Symantec, Northrop Grumman, DuPont, Morgan Stanley and Dow Chemical were also targeted.

According to McAfee, who first publicised Aurora, the aim was to gain access to source code repositories at these high tech, security and defence contractor companies.

Uncovering such attacks is a vital part of security researchers' work because it gives a better understanding of the challenges that defence systems face.

“Defensive strategies can be dramatically improved by understanding how targeted malware attacks work as well as trends in the tools, tactics and procedures of the threat actors behind such attacks. By effectively using threat intelligence derived from external and internal sources combined with security tools that empower human analysts, organisations are better positioned to detect and mitigate such targeted attacks,” Trend Micro said.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative
