Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
Global
2. Africa
Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN Africa
Public Administration News  
Share
South Africa: G20 Summit Used as Bait
Source: itWeb News
Source Date: Thursday, September 12, 2013
Focus: Institution and HR Management
Country: South Africa
Created: Sep 12, 2013

The company added that it has seen a flood of G20-themed attacks in the last few weeks – a number it says has been rising as the summit approaches.

The perpetrator has been identified as "the Calc Team", a group that security researchers have been watching for several years. The group, purportedly from China, is also believed to be behind the New York Times attack earlier this year.
From the same family
The recent attacks all have similar characteristics. All the malware was delivered within a Zip archive, no exploit was apparently involved. All the attacks were G20-themed and all had their malware contact domains pointing to the same host, said rapid7 security researcher Claudio Guarnieri.
The company says it detected the first G20-themed attack in May, which appeared to be a PDF document outlining a development agenda for the Russian presidency and another document entitled "Global Partnership for Financial Inclusion Work Plan 2013".
Guarnieri said both documents were clearly Windows executable files that were disguised as PDFs. He noted it is quite common for an attacker to rely on social engineering to get their targets to open links rather than actual exploits.
He said once opened, both files extract an actual embedded PDF to the user's "Temp" folder, displaying them to the victim to pull the wool over their eyes.
He added that earlier in August, two other G20 attacks were discovered, also using "booby-trapped" documents, that downloaded keylogging malware onto the victim's system. Rapid7 says the C&C server used by the group is still active.
Guarnieri says it is interesting to note, that despite "major international pressure" following the New York Times incident, the group is still operational, and doesn't seem disturbed by all the media attention it has recently received.
If it ain't broke…
Rapid7 does not know how successful the attacks were, or what the result was. "But it's remarkable that despite the high profile of the average target of these espionage operations, the tactics and tools adopted are not as sophisticated as one would expect."
FireEye noted in a blog post a few weeks ago that as long as threat actors are achieving their goals, they have no need to "update or rethink their techniques, tactics, or procedures".
"These threat actors' tactics follow the same principles of evolution – successful techniques propagate, and unsuccessful ones are abandoned. Attackers do not change their approach unless an external force or environmental shift compels them to."
News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
Rate:
0 ratings
Views: 143

Comments: 0 Bookmarked: 0 Tagged: 0



0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2008-2010 by UNPAN - United Nations Public Administration Network