South Africa: G20 Summit Used as Bait
Source: itWeb News
Source Date: Thursday, September 12, 2013
Focus: ICT for MDGs
Country: South Africa
Created: Sep 12, 2013

The company added that it has seen a flood of G20-themed attacks in the last few weeks – a number it says has been rising as the summit approaches.

The perpetrator has been identified as "the Calc Team", a group that security researchers have been watching for several years. The group, purportedly from China, is also believed to be behind the New York Times attack earlier this year.
From the same family
The recent attacks all have similar characteristics. All the malware was delivered within a Zip archive, and no exploit was apparently involved. All the attacks were G20-themed, and all had their malware contact domains pointing to the same host, said Rapid7 security researcher Claudio Guarnieri.
The company says it detected the first G20-themed attack in May. It appeared to consist of a PDF document outlining a development agenda for the Russian presidency and another document entitled "Global Partnership for Financial Inclusion Work Plan 2013".
Guarnieri said both documents were clearly Windows executable files that were disguised as PDFs. He noted it is quite common for an attacker to rely on social engineering, rather than actual exploits, to get their targets to open links.
He said once opened, each file extracts an actual embedded PDF to the user's "Temp" folder and displays it to the victim to pull the wool over their eyes.
He added that earlier in August, two other G20 attacks were discovered, also using "booby-trapped" documents, that downloaded keylogging malware onto the victim's system. Rapid7 says the C&C server used by the group is still active.
Guarnieri says it is interesting to note that, despite "major international pressure" following the New York Times incident, the group is still operational and doesn't seem disturbed by all the media attention it has recently received.
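The delivery method described above, a Windows executable posing as a PDF inside a Zip archive, can be checked for at a mail or file gateway. The following is an added example, not code from the article or from Rapid7; the suffix lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}   # what a lure imitates
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}                    # what Windows will run


def suffixes(name):
    """Lower-cased dotted suffixes of a member name, ignoring space padding."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ["." + part.strip() for part in base.split(".")[1:]]


def scan_zip(data):
    """Return (member, reason) pairs for executables posing as documents."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = suffixes(info.filename)
            last = exts[-1] if exts else ""
            head = b""
            if not info.flag_bits & 0x1:          # bit 0 set: encrypted, content unreadable
                with zf.open(info) as fh:
                    head = fh.read(2)             # "MZ" opens every DOS/PE executable
            if head == b"MZ" and last not in EXEC_EXTS:
                findings.append((info.filename, "MZ header under a non-executable name"))
            elif last in EXEC_EXTS and any(e in DOC_EXTS for e in exts[:-1]):
                findings.append((info.filename, "document suffix followed by executable suffix"))
    return findings


def build_sample():
    """Constructed archive: two disguised stubs, one PDF-like file, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agenda.pdf", b"MZ\x90\x00" + b"\x00" * 60)           # stub named .pdf
        zf.writestr("work_plan.pdf      .exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("summary.pdf", b"%PDF-1.4\n%%EOF\n")
        zf.writestr("readme.txt", b"constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample()):
        print(f"{member!r}: {reason}")
```

Encrypted members are judged by name only, since their first bytes cannot be read without the password.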
If it ain't broke…
Rapid7 does not know how successful the attacks were, or what the result was. "But it's remarkable that despite the high profile of the average target of these espionage operations, the tactics and tools adopted are not as sophisticated as one would expect."
FireEye noted in a blog post a few weeks ago that as long as threat actors are achieving their goals, they have no need to "update or rethink their techniques, tactics, or procedures".
"These threat actors' tactics follow the same principles of evolution – successful techniques propagate, and unsuccessful ones are abandoned. Attackers do not change their approach unless an external force or environmental shift compels them to."