Lurid attack targets Government agencies

Trend uncovers a wide ranging attack, in which the hackers stole specific documents.

Security

Another widespread Advanced Persistent Threat (APT) has been found controlling 1,365 computers in 61 different countries, focusing heavily on Government bodies.

The main targets were Russia, Kazakhstan and Vietnam, with the 47 victims identified coming from various organisations, including Government ministries and diplomatic bodies, Trend Micro said.

In some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia was far and away the most targeted country, with 1,063 systems compromised.

Over 300 targeted attacks, hackers managed to have users install the Lurid Downloader malware, otherwise known as Enfal, on thousands of machines.

That malware has been used to target the US Government and non-governmental organisations, although this Lurid APT appears to have no relation to those attacks, Trend said.

This newly-uncovered series of attacks exploited a number flaws in Adobe Reader. Once compromised, infected systems may have had their data stolen and sent to a C&C server over HTTP POST.

"Through communication with the command and control servers, the attackers are able to issue a variety of commands to the compromised computers," wrote David Sancho and Nart Villeneuve, Trend senior threat researchers, in a blog post.

"These commands allow the attackers to send and receive files as well as activate an interactive remote shell on compromised systems. The attackers typically retrieve directory listings from the compromised computers and steal data (such as specific .XLS files)."

Trend said it was difficult to ascertain who perpetrated the attacks, as it is easy to mislead researchers by manipulating sources, such as IP addresses.

"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," the Trend researchers added.

The security company's discovery comes after McAfee uncovered a similar APT. The Operation Shady RAT attacks lasted over five years and went after Governments as well as private businesses.

The security giant identified 72 of the compromised parties. Of those 72, 22 were Government organisations.

Read on for our look at whether we can now confidently talk about cyber war.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020