[ISN] New Targeted Attack Campaign Against Defense Contractors Under Way
By Kelly Jackson Higgins
July 22, 2011
The U.S. Defense industry once again is under siege by cyberspies in an
attack that provides a link to a rigged spreadsheet containing a real
list of high-level defense industry executives who attended a recent
Intelligence Advanced Research Projects Activity (IARPA) event.
A Defense contractor friend of Anup Ghosh, CEO of Invincea, sent him a
copy of a targeted yet suspicious email with the attachment he had
received unsolicited. "He said he has been a nonstop target of a lot of
spear-phishing attempts, but this one was very compelling because it was
purported to have names of attendees to a recent IARPA meeting," Ghosh
says. It appears that the attackers sent the same email and malicious
attachment to the other 163 event attendees, he says.
The embedded URL -- which appears to be a subdomain of a domain that
redirects to the legitimate research project website -- provides a ZIP
archive of the attendee roster, which includes the names of directors,
presidents, and CEOs of major Defense and intelligence companies.
"Unzipped, you see an XLS-looking file, but it's actually an
executable," Ghosh says. "It extracts another custom program that's an
HTTP client. This client beacons out to a server. You wouldn't notice it
even if you were looking at your system process table: It looks like
standard browser activity."
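
A defender-side check for the lure described above, added here as an example that is not part of the original article: it scans a ZIP archive for members that present as documents but are Windows executables. The article does not say how the file was made to look like an XLS, so the two heuristics (PE header under a document extension, document-style name ending in an executable extension), the extension lists, and the sample member names and bytes are all assumptions constructed for illustration.

```python
import io
import zipfile

DOC_EXTS = (".xls", ".xlsx", ".doc", ".docx", ".pdf")   # extensions a lure may imitate (assumed list)
EXE_EXTS = (".exe", ".scr", ".com", ".pif")             # Windows-executable extensions (assumed list)

def classify(name, head):
    """Return why a ZIP member looks like a disguised executable, or None."""
    stem, dot, ext = name.lower().strip().rpartition(".")
    ext = dot + ext
    # "roster.xls   .exe": the real extension is pushed out of view by padding.
    if ext in EXE_EXTS and stem.rstrip().endswith(DOC_EXTS):
        return "document name with executable extension"
    # Content starts with the DOS/PE magic "MZ" but the name claims a document.
    if head[:2] == b"MZ" and ext in DOC_EXTS:
        return "PE header under document extension"
    return None

def scan_zip(data):
    """Return (member name, reason) pairs for suspicious members of a ZIP given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:     # encrypted member: only the name can be judged
                reason = classify(info.filename, b"") or "encrypted, content not inspected"
                findings.append((info.filename, reason))
                continue
            with zf.open(info) as member:
                head = member.read(2)
            reason = classify(info.filename, head)
            if reason:
                findings.append((info.filename, reason))
    return findings

def build_sample():
    """Constructed sample archive; member names and bytes are invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("attendees.xls", b"MZ\x90\x00" + b"\x00" * 60)       # PE magic, .xls name
        zf.writestr("roster.xls   .exe", b"MZ\x90\x00" + b"\x00" * 60)   # padded double extension
        zf.writestr("agenda.xls", bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 56)  # real OLE2 magic
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_zip(build_sample()):
        print(f"{name!r}: {reason}")
```
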