UK And US Link For Lurid Storm Of Cyber-Attacks

Security firm Trend Micro has discovered a web of advanced, persistent, targeted attacks which have compromised 1,465 computers in 61 countries.

The attacks use the “Lurid Downloader”, often referred to as Enfal, which is a well-known malware family. The toolkit cannot be purchased on the open black hat market but has been used in the past to target US organisations.

Shades Of The Cold War

In the current wave of attacks, the main targets are in Russia, Kazakhstan and Vietnam, with some former Soviet Union states (the Commonwealth of Independent States) also under attack. India and Mongolia also saw some Lurid activity.

Trend Micro said that it has been able to identify 47 victims so far, including diplomatic missions, government ministries, space-related government agencies and other companies and research institutions – which hints at a nation state being behind the Lurid attacks. The servers running the attack appear to be located in the UK and US, Trend Micro’s Rik Ferguson told The Register.

Reporting in the Trend Micro blog, senior threat researchers David Sancho and Nart Villeneuve wrote: “As is frequently the case, it is difficult to ascertain who is behind this series of attacks because it is easy to manipulate artefacts, e.g. IP addresses and domain name registration, in order to mislead researchers into believing that a particular entity is responsible.

“Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets,” they concluded.

The current wave of exploits mirrors the Operation Aurora cyber-attack on Google and other companies which, for Google, lasted several months in 2009 and gave rise to the name Advanced Persistent Threats (APTs). Adobe Systems, Juniper Networks and Rackspace publicly confirmed being targeted. According to reports in the press, Yahoo, Symantec, Northrop Grumman, Dupont, Morgan Stanley and Dow Chemical were also targeted.

According to McAfee, who first publicised Aurora, the aim was to gain access to source code repositories at these high tech, security and defence contractor companies.

Uncovering such attacks is a vital part of security researchers’ work because it gives a better understanding of the challenges that defence systems face.

“Defensive strategies can be dramatically improved by understanding how targeted malware attacks work as well as trends in the tools, tactics and procedures of the threat actors behind such attacks. By effectively using threat intelligence derived from external and internal sources combined with security tools that empower human analysts, organisations are better positioned to detect and mitigate such targeted attacks,” Trend Micro said.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope, with expertise in security, the channel and Britain's startup culture through his TechBritannia initiative.
