Report about hack threat to Tibetan activists used as lure in attack against them
- 22 March, 2012 02:20
Hackers are using a recent report about cyberthreats to Tibetan activists as a lure in a new attack against pro-Tibet organizations that distributes Windows and Mac malware, researchers from security vendor AlienVault said on Monday.
On March 13, AlienVault published a report about email-based cyberattacks against Tibetan activist organizations including the Central Tibet Administration and the International Campaign for Tibet.
The rogue emails seen in those attacks distributed a booby-trapped Word document that exploited a Microsoft Office vulnerability (designated CVE-2010-3333) to install a variant of Gh0st RAT, a remote access computer Trojan.
AlienVault researchers believe that the Tibet attack campaign was organized by the same group of Chinese hackers that launched the so-called Nitro attacks against dozens of chemical sector companies last year.
However, it seems that even though the cyberespionage operation was exposed, hackers haven't given up on targeting pro-Tibet organizations. In fact, they started using AlienVault's report about the campaign as a lure in new attacks against Tibetan activists, said AlienVault researcher Jaime Blasco in a blog post on Monday.
Newly intercepted rogue emails that use spoofed headers to appear as originating from AlienVault warn recipients that Tibetan activist organizations have been targeted in recent cyberattacks.
Successful exploitation attempts result in computer backdoors being installed on both Windows and Mac OS X systems. The Mac backdoor had a zero detection rate on VirusTotal when scanned by AlienVault on Monday, Blasco said. Now, it is detected by six out of the 43 antivirus engines used by the service.
The Mac piece of malware connects to a command and control server hosted on a domain name that was associated in the past with attacks involving the Protux backdoor, Blasco said.
It's not clear whether the Nitro gang is responsible for the new attacks against Tibetan activists, but the group is known to have used similar techniques before. In December 2011, Symantec reported a series of malicious emails sent by the Nitro gang that used the company's original report about the group's operations as a lure.
CVE-2011-3544 exploits have been observed in many targeted attacks during the past month. Last Friday, Kaspersky Lab reported the same vulnerability being exploited in an attack against visitors to popular Russian news websites.
Microsoft also reported a spike in the usage of CVE-2011-3544 exploits, even though they have not been incorporated in popular drive-by download toolkits like Blackhole or Phoenix yet. Users are advised to update their Java installations and remove older versions from their systems in order to thwart attacks that leverage this vulnerability, Microsoft researchers said in a blog post on Tuesday.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Alcatel-Lucent Enterprise Optimizing Cloud Infrastructure with Citrix CloudBridge
- Five Steps to Enabling Secure Mobility
- The “Enterprisation” of Mobile Apps – Moving from Corporate Liability to Business Asset
- Vodafone Ireland Implements World-Class Service Excellence with HP BSM
- How to Manage Risk and Mitigate Threats
Why IT projects really fail
The enlightened CIO’s guide to running projects
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
Robust Data Protection Solutions for Virtual Environments
Organisations face a juggling act with the need to improve backup and recovery, increase server virtualization, manage data growth, while remaining in operation. Virtualization has complicated the protection landscape, as protecting virtual environments can be a challenge, especially as VMs are quickly and easily created, moved, and deleted in data centres and in the cloud. This white paper explores how new backup systems have been invigorated with future-proof functionality aimed at today’s virtualized environments, offering the backup “fountain of youth”.
Virtualisation and Cloud Computing: Optimised Power, Cooling and Management Maximises Benefits
IT virtualisation, the engine behind cloud computing, can have significant consequences on the data centre physical infrastructure. The particular effects of virtualisation are discussed and possible solutions or methods for dealing with them are offered. Download to learn more.
Unleashing the Power of Information
If business-relevant information is not well managed, secured and analysed, it can become an underutilized asset or—worst case—a legal and competitive liability. Nearly all of the IT and business executives who responded to a recent survey recognise this risk, and say they understand the importance of having an enterprise information management (EIM) strategy. Find out more on how to reduce costs, improve competitiveness and avoid risk by making information management an enterprisewide strategic priority.