Researchers at Blue Coat Labs in California have discovered malware they call ‘Inception’, which first targeted diplomats and government organizations in Russia and later spread to other countries.
“A previously undocumented attack framework” is being used to launch highly targeted attacks to gain access to, and extract confidential information from, victims’ computers, according to Blue Coat.
Targets include individuals in strategic positions, executives in important businesses such as oil, finance and engineering, military officers, embassy personnel and government officials.
The Inception attacks began by focusing on targets primarily located in Russia or related to Russian interests, but have since spread to targets in other locations around the world. The preferred malware delivery method is via phishing emails containing trojanized documents, the study added.
Blue Coat Lab researchers have recently found that the attackers have also created malware for Android, BlackBerry and iOS devices to gather information from victims, as well as seemingly planned MMS phishing campaigns to mobile devices of targeted individuals.
To date, Blue Coat has observed over 60 mobile providers such as China Mobile, O2, Orange, SingTel, T-Mobile and Vodafone, included in these preparations, but the real number is likely far higher, Blue Coat explains in a statement.
Initial malware components have, in all cases that Blue Coat has observed, been embedded in Rich Text Format (RTF) files. Exploitation of vulnerabilities in this file format is leveraged to gain remote access to victims’ computers. These files are delivered to the victim via phishing emails with exploited Word documents attached.
When the user clicks on the attachment, a Word document is displayed to avoid arousing suspicion while malicious content stored inside the document in encoded form is written to disk. Unusually for an exploit campaign, the names of the dropped files vary and have clearly been randomized in order to avoid detection by name.
The malware gathers system information from the infected machine, including OS version, computer name, user name, user group membership, the process it is running in, locale IDs, as well as system drive and volume information. All of this system information is encrypted and sent to cloud storage via WebDAV.
The framework is designed in such a way that all communication after malware infection (i.e. target surveying, configuration updates, malware updates, and data exfiltration) can be performed via the cloud service.
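Because the uploaded data is encrypted, a defender has to rely on the shape of the traffic rather than its content. The following added example (not from Blue Coat's report) flags clients that use WebDAV-specific methods against storage hosts outside an allowlist; the log format, host names and allowlist are constructed assumptions.

```python
import shlex
from collections import defaultdict
from urllib.parse import urlsplit

# Methods defined by WebDAV (RFC 4918) that ordinary browsing does not use.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Hypothetical allowlist of WebDAV servers the organization sanctions.
SANCTIONED_HOSTS = {"files.corp.example"}

# Constructed proxy log: time, client, method, URL, status, bytes sent, "user agent"
SAMPLE_LOG = """\
2014-12-01T09:00:01Z 10.0.0.5 GET https://news.example/index.html 200 0 "Mozilla/5.0"
2014-12-01T09:00:07Z 10.0.0.7 PROPFIND https://webdav.storage.example/u1/ 207 0 "Microsoft-WebDAV-MiniRedir/6.1.7601"
2014-12-01T09:00:08Z 10.0.0.7 PUT https://webdav.storage.example/u1/a1b2.bin 201 48211 "Microsoft-WebDAV-MiniRedir/6.1.7601"
2014-12-01T09:05:08Z 10.0.0.7 PUT https://webdav.storage.example/u1/c3d4.bin 201 1300 "Microsoft-WebDAV-MiniRedir/6.1.7601"
2014-12-01T09:06:00Z 10.0.0.9 PROPFIND https://files.corp.example/share/ 207 0 "Microsoft-WebDAV-MiniRedir/6.1.7601"
2014-12-01T09:07:00Z 10.0.0.8 PUT https://api.example/upload 200 500 "curl/7.30"
"""

def find_webdav_clients(log_text, sanctioned=SANCTIONED_HOSTS):
    """Return {(client, host): {"methods": set, "bytes_out": int}} for clients
    that used WebDAV-specific methods against non-sanctioned hosts."""
    stats = defaultdict(lambda: {"methods": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        fields = shlex.split(line)          # keeps the quoted user agent as one field
        if len(fields) != 7:
            continue                        # skip malformed lines
        _, client, method, url, _, sent, _ = fields
        host = urlsplit(url).hostname
        if host is None or host in sanctioned:
            continue
        method = method.upper()
        entry = stats[(client, host)]
        entry["methods"].add(method)
        if method == "PUT" and sent.isdigit():
            entry["bytes_out"] += int(sent)  # volume uploaded to this host
    # PUT alone is common for web APIs, so require at least one WebDAV-only verb.
    return {k: v for k, v in stats.items() if v["methods"] & WEBDAV_METHODS}

if __name__ == "__main__":
    for (client, host), info in find_webdav_clients(SAMPLE_LOG).items():
        print(client, host, sorted(info["methods"]), info["bytes_out"])
```
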
Initially, attack campaigns seemed to be largely focused on Russia and a few other Eastern European countries. However, Blue Coat has also seen attacks on targets in other countries across the globe including India and the Middle East.
While information about targets is limited, Blue Coat researchers have uncovered a number of phishing emails highlighting industry targets.