Sunday, September 25, 2011

Russian Space Systems Hacked in Lurid Attack

Via ZDNet (UK) -

Over a thousand systems in the Commonwealth of Independent States (CIS) were hacked in a search for documents, spreadsheets and archive files, the security company said on Friday. Organisations in 60 other countries, including Vietnam, India and Mongolia, were also targeted.

The hackers have compromised Russian central government computers, diplomatic missions and space-related government agencies in the attack. The main Russian institution associated with space research is the Russian Federal Space Agency.

"This has all the hallmarks of espionage-related activity, given the concentration of targets," Trend Micro solutions architect Rik Ferguson told ZDNet UK. "We are liaising with companies directly and talking to local computer emergency response teams."

The cyberattack is being referred to as the 'Lurid DownLoader' attack, after the malware used. Overall, it has compromised 1,465 unique hosts in 61 different countries, Trend Micro said in a blog post.

The Russian computer emergency response team (RU-CERT) said it was aware of the Trend Micro report, but had not received any other information from the security company.

"Next week I'll ask colleagues in law enforcement to look at this," RU-CERT deputy head Mikhail Ganev told ZDNet UK. "If government systems have been attacked, it's the duty of law enforcement to look at it."

-----------------------------------------------------------------------

In addition to the Lurid APT attack, Trend Micro also recently outlined ongoing attacks on several defense companies in Japan, Israel, India and the USA. It is unknown if this attack outlined by Trend Micro is connected to the attacks made public by Mitsubishi Heavy Industries (MHI). Trend Micro is a Japanese company.

Geographical User Base vs. APT Discussion and Disclosure Cases

It is interesting to see more and more AV vendors publicly discussing APT-type attacks. Each vendor has a unique install base that differs from every other vendor's. One vendor may have a huge install base in a geographical area where the others have very few. This install base (and thus visibility into particular geographical areas) will naturally shape the type of attacks a vendor can discover or discuss.
