Threat researchers track major international targeted APT attack

A pair of threat researchers are reporting the arrival of a major targeted attack campaign against servers in 61 countries, with victims ranging from diplomatic missions and government ministries to space-related government agencies and other companies and research institutions.

According to David Sancho and Nart Villeneuve, approaching 1,500 systems have been tracked as compromised, with the bulk of the compromised servers being in Russia, Kazakhstan and Vietnam, as well as a smattering of former states in the USSR sphere of influence.

This particular campaign, they assert, consists of more than 300 malicious, targeted attacks, monitored by the attackers using a unique identifier embedded in the associated malware.

“Our analysis of the campaigns reveals that attackers targeted communities in specific geographic locations as well as campaigns that targeted specific victims. In total, the attackers used a command and control network of 15 domain names associated with the attackers and 10 active IP addresses to maintain persistent control over the 1465 victims”, they say in their security posting.

The 'Lurid Downloader' – aka Enfal – is a well-known malware family, but it is not a publicly available toolkit that can be purchased by aspiring cybercriminals, say the researchers.

via Infosecurity – Trend Micro threat researchers track major international targeted APT attack.


About gatoMalo

I am a veteran who served on the USS Saratoga. After the military I worked on computers for the last 30 or so years. I worked as a hardware, software, network, email, groupware developer and security dude. I am now an abuelo. I believe in guarding the guards. We are all citizen warriors for our country; the 5th battlefield is Cyber Space, so here I am. Later, quis custodiet ipsos custodes?
