The Register reports that a sophisticated targeted attack has been launched from India, designed to steal information from a range of government and private enterprise victims in Pakistan, China and elsewhere.
What began as an investigation into an attack on Norwegian operator Telenor soon uncovered evidence that attackers probably hailing from India had been lifting information from business, government and political organisations for as long as three years.
Attackers used spear phishing techniques, exploiting known Microsoft software vulnerabilities – no zero days – to drop info-stealing malware dubbed "HangOver" onto victims’ machines.
The researchers at Norman explained how the initial Telenor attack allowed them to widen the investigation, as follows:
We have direct knowledge of only one attack – the one against Telenor. During this investigation we have obtained malware samples and decoy documents that have provided indications as to whom else would be in the target groups. We have observed the usage of peculiar domain names that are remarkably similar to existing legitimate domains. We have also obtained sinkhole data for a number of domains in question and found open folders with stolen user data in them; enough to identify targets down to IP and machine name/domain level. These IP addresses hail from a large range of countries globally including China, Russia, France and the US but the vast majority correspond to Pakistan.
Read more about it at: The Register