Monday, September 26, 2011

Whitepaper: The "Lurid" Downloader (APT)


This report investigates a campaign of targeted malware attacks that has successfully compromised 1465 computers in 61 different countries. Based on the project path embedded in the malware, we have named this specific campaign “Lurid Downloader”, although the malware is typically known as “Enfal”. The majority of the victims are located in Russia and other members of the Commonwealth of Independent States (CIS). We were able to identify 47 victims that include numerous government ministries and diplomatic missions, as well as space-related government agencies, companies and research institutions, in Russia and other CIS members, along with a smaller number of similar entities in Europe.

The threat actors behind “Lurid Downloader” launched 301 malware campaigns targeting entities in specific countries or geographic regions and tracked the success of each campaign by embedding a unique identifier in each instance of the malware and associating it with specific victims. While some campaigns resulted in numerous victims, others were very specific and targeted, resulting in only one or two victims. While previous Enfal activity has typically been associated with threat actors in China, it remains unclear who is behind the Lurid Downloader attacks.
