Trend Micro has uncovered a targeted attack aimed at government agencies in various countries across Asia and Europe.
The attack takes the form of a bogus e-mail, sent from a Gmail account and claiming to be from the Chinese Ministry of National Defense. The e-mail carries a malicious attachment that exploits a vulnerability in MS Office versions from Office 2003 to Office 2010, which was patched over a year ago.
The malicious attachment is detected as TROJ_DROPPER.IK and the backdoor itself as BKDR_HGDER.IK.
A blog post by Jonathan Leopando, a technical communications specialist at Trend Micro, says the exploit is used to drop a backdoor onto the system. The backdoor steals login credentials for Web sites and e-mail accounts from Internet Explorer and Microsoft Outlook.
In addition, it opens a legitimate "dummy" document to fool the reader into believing nothing untoward has occurred. The stolen data is then uploaded to two IP addresses located in Hong Kong, although those servers have subsequently been shut down.
Leopando says this attack targeted employees of European and Asian governments, and contained information that would be of interest to these individuals. He says Chinese media groups were also targets of this attack, and the backdoor has also been detected in the wild, where it is most frequently seen in China and Taiwan.
"The vulnerability used in this attack is one that is commonly used by targeted attacks. High-profile campaigns like Safe and Taidoor have made use of this vulnerability; if anything, it's a commonly targeted flaw in sophisticated campaigns," he says.


