SAN FRANCISCO: Hackers targeted dozens of computer systems at government agencies across Europe in a series of attacks that exploited a recently discovered security flaw in Adobe Systems Inc’s software, security researchers reported yesterday.
Russia’s Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania.
They also said a think-tank, research institute and healthcare provider in the United States, a prominent research institute in Hungary and other entities in Belgium and Ukraine were among those targeted by the malicious software, which they have dubbed “MiniDuke”.
The researchers, who declined to further elaborate on the victims’ identities, released their findings as more than 20,000 security professionals gathered in San Francisco for the annual RSA conference.
The researchers suspect MiniDuke was designed for espionage, but were still trying to figure out the attack’s ultimate goal.
Boldizsár Bencsáth, a cyber security expert who runs the malware research team at CrySyS, said that he had reported the incident to Nato’s Computer Incident Response Capability, a group that analyses and responds to cyber threats. Nato officials declined comment.
The MiniDuke operators used an unusual approach to communicate with infected machines, according to the researchers. The virus was programmed to search for Tweets from specific Twitter accounts that contained instructions for controlling those PCs. In cases where they could not access those Tweets, the virus ran Google searches to receive its marching orders. Officials with Twitter and Google could not immediately be reached.
MiniDuke attacked its victims by exploiting recently discovered security bugs in Adobe’s Reader and Acrobat software, according to the researchers. The attackers sent their targets PDF documents tainted with malware, an approach that hackers have long used to infect personal computers.
Bencsáth said he believed the attackers installed “back doors” at dozens of organisations that would enable them to view information on those systems, then siphon off data they found interesting.
Reuters
