Lurid attack targets Government agencies


Another widespread Advanced Persistent Threat (APT) has been found controlling 1,365 computers in 61 different countries, focusing heavily on Government bodies.

The main targets were Russia, Kazakhstan and Vietnam, with the 47 victims identified coming from various organisations, including Government ministries and diplomatic bodies, Trend Micro said.

In some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia was far and away the most targeted country, with 1,063 systems compromised.

Over 300 targeted attacks, hackers managed to have users install the Lurid Downloader malware, otherwise known as Enfal, on thousands of machines.

That malware has been used to target the US Government and non-governmental organisations, although this Lurid APT appears to have no relation to those attacks, Trend said.

This newly-uncovered series of attacks exploited a number flaws in Adobe Reader. Once compromised, infected systems may have had their data stolen and sent to a C&C server over HTTP POST.

"Through communication with the command and control servers, the attackers are able to issue a variety of commands to the compromised computers," wrote David Sancho and Nart Villeneuve, Trend senior threat researchers, in a blog post.

"These commands allow the attackers to send and receive files as well as activate an interactive remote shell on compromised systems. The attackers typically retrieve directory listings from the compromised computers and steal data (such as specific .XLS files)."

Trend said it was difficult to ascertain who perpetrated the attacks, as it is easy to mislead researchers by manipulating sources, such as IP addresses.

"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," the Trend researchers added.

The security company's discovery comes after McAfee uncovered a similar APT. The Operation Shady RAT attacks lasted over five years and went after Governments as well as private businesses.

The security giant identified 72 of the compromised parties. Of those 72, 22 were Government organisations.

Read on for our look at whether we can now confidently talk about cyber war.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.