Category Archives: APT -Attacks

AFP: Mitsubishi Heavy ‘targeted by over 50 computer viruses’

TOKYO — Japanese defence contractor Mitsubishi Heavy has been hit by over 50 separate computer viruses in a series of cyber attacks so far this year, a report said Monday.

One of the infected computers contracted 28 types of virus, including ones that could have been prevented with existing anti-virus software, the Yomiuri Shimbun said, amid concerns over the security of defence information.

The defence ministry plans to tell Mitsubishi Heavy to file detailed reports on its cyber security measures, the newspaper said.

Mitsubishi Heavy is analysing 83 computers hit by the attacks and has found more than 50 kinds of viruses, significantly more than the eight strains that the company announced on September 19, the newspaper said.

The company declined to comment for the Yomiuri story, citing an ongoing police investigation, while Mitsubishi officials could not be reached on Monday — a national holiday — for immediate comment.

via AFP: Mitsubishi Heavy ‘targeted by over 50 computer viruses’.


Threat researchers track major international targeted APT attack

A pair of threat researchers are reporting the arrival of a major targeted attack campaign against servers in 61 countries, with victims ranging from diplomatic missions, government ministries and space-related government agencies to other companies and research institutions.

According to David Sancho and Nart Villeneuve, approaching 1,500 systems have been tracked as compromised, with the bulk of the compromised servers being in Russia, Kazakhstan and Vietnam, as well as a smattering of former states in the USSR sphere of influence.

This particular campaign, they assert, consists of more than 300 malicious, targeted attacks, monitored by the attackers using a unique identifier embedded in the associated malware.

“Our analysis of the campaigns reveals that attackers targeted communities in specific geographic locations as well as campaigns that targeted specific victims. In total, the attackers used a command and control network of 15 domain names associated with the attackers and 10 active IP addresses to maintain persistent control over the 1465 victims”, they say in their security posting.

The ‘Lurid Downloader’ – aka Enfal – is a well-known malware family but it is not a publicly available toolkit that can be purchased by aspiring cybercriminals, say the researchers.

via Infosecurity – Trend Micro threat researchers track major international targeted APT attack.