Lurid attack targets Government agencies
Trend uncovers a wide ranging attack, in which the hackers stole specific documents.
Another widespread Advanced Persistent Threat (APT) has been found controlling 1,365 computers in 61 different countries, focusing heavily on Government bodies.
The main targets were Russia, Kazakhstan and Vietnam, with the 47 victims identified coming from various organisations, including Government ministries and diplomatic bodies, Trend Micro said.
In some cases, the attackers attempted to steal specific documents and spreadsheets.
Russia was far and away the most targeted country, with 1,063 systems compromised.
Over 300 targeted attacks, hackers managed to have users install the Lurid Downloader malware, otherwise known as Enfal, on thousands of machines.
That malware has been used to target the US Government and non-governmental organisations, although this Lurid APT appears to have no relation to those attacks, Trend said.
This newly-uncovered series of attacks exploited a number flaws in Adobe Reader. Once compromised, infected systems may have had their data stolen and sent to a C&C server over HTTP POST.
"Through communication with the command and control servers, the attackers are able to issue a variety of commands to the compromised computers," wrote David Sancho and Nart Villeneuve, Trend senior threat researchers, in a blog post.
"These commands allow the attackers to send and receive files as well as activate an interactive remote shell on compromised systems. The attackers typically retrieve directory listings from the compromised computers and steal data (such as specific .XLS files)."
Trend said it was difficult to ascertain who perpetrated the attacks, as it is easy to mislead researchers by manipulating sources, such as IP addresses.
"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," the Trend researchers added.
The security company's discovery comes after McAfee uncovered a similar APT. The Operation Shady RAT attacks lasted over five years and went after Governments as well as private businesses.
The security giant identified 72 of the compromised parties. Of those 72, 22 were Government organisations.
Navigating the new normal: A fast guide to remote working
A smooth transition will support operations for years to comeDownload now
Leading the data race
The trends driving the future of data scienceDownload now
How to create 1:1 customer experiences at scale
Meet the technology capable of delivering the personalisation your customers craveDownload now
How to achieve daily SAP releases
Accelerate the pace of SAP change to support your digital strategyDownload now