Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name.
 
The fake message contains a malicious attachment, which exploits a vulnerability in Microsoft Office that was patched more than a year ago. The exploit is used to drop a backdoor onto the system, which steals login credentials for websites and email accounts from Internet Explorer and Microsoft Outlook.
Trend Micro products already detect all aspects of this threat: the message and C&C servers are now blocked; the malicious attachment is detected as TROJ_DROPPER.IK and the backdoor itself as BKDR_HGDER.IK.
 
Sharda Tickoo, Product Marketing Manager, Trend Micro India, said, "The vulnerability used in this attack is one that is commonly used by targeted attacks. High-profile campaigns like Safe and Taidoor have made use of this vulnerability; if anything, it is a commonly targeted flaw in sophisticated campaigns."
 
This particular attack was aimed primarily at personnel belonging to both European and Asian governments. The message was sent to 16 officials representing European countries alone. In addition, the information stolen, and where it was stolen from, is very consistent with targeted attacks aimed at large organizations that use corporate mainstays like Internet Explorer and Outlook.