Hackers target security researchers with malware-laden document


Attackers are using documents about a real Washington cyber warfare conference to deliver malware.

Image: iStock

State-backed hackers are apparently attempting to target security researchers with their latest campaign, using a document advertising a cyber security conference as the lure.

Security researchers are being sent a malicious document titled 'Conference_on_Cyber_Conflict.doc' that contains information about a US security conference. While the conference is real, the document is a fake, using content ripped from the conference website and posted into a Word document.

The nature of the lure being distributed by hackers means they're likely to be using it to target people interested in or linked to cyber security.

The campaign has been uncovered by researchers at Cisco Talos, who've attributed it to who they call 'Group 74' - the operation also known as APT28, Sofacy and Fancy Bear, a Russian hacking collective with links to the Kremlin.


The lure document contains information written by and logos of the real conference organisers.

Image: Cisco Talos

Malware contained within the malicious document, Seduploader, has been used in previous campaigns by Fancy Bear, and is commonly used to drop malware for the purposes of espionage.

Seduploader is capable of taking screenshots, exfiltrating data, executing code, downloading additional files and more, all very much pointing to the goal of espionage and stealing information from infected victims.


Unlike previous campaigns by this threat actor, the malicious document doesn't contain an Office exploit or a zero-day, but rather contains a malicious Visual Basic for Applications (VBA) macro, designed to run code within the selected application, which in this case is Microsoft Word.

This demonstrates the extent to which attackers will research news and events related to desired targets in order to craft the most convincing-looking lure possible - in this case, for those in the area of cyber security.

While it might seem daring to directly target people in the security industry, if anyone did fall for the lure, the attackers could gather extremely useful information.
