Spear Phishing

Regarding this New York Times article: Hackers in China Attacked The Times for Last 4 Months

Spear phishing attacks against businesses, diplomatic and government agencies seem to be very popular with cyber espionage networks. You only need one person to take the wrong action and the entire system is compromised as the New York Times is discovering.

In 2012, attackers in China used spear phishing with a .pdf attachment that exploited a Windows vulnerability to target Tibetan activist groups. Antivirus software did not widely recognize the threat, just as it failed to in the NYT’s imbroglio. [1]

In a similar vein to the attacks on the NYT, targeted spear phishing was used in a very recent incident called Operation Red October (the name alluding to the evidence that the attacks emanated from a Russophone country). The malware used in this campaign is called ‘Rocra’, and it is aimed at governments and research institutions in former Soviet republics and Eastern Europe. [2]

The New York Times article states “Once they take a liking to a victim, they tend to come back. It’s not like a digital crime case where the intruders steal stuff and then they’re gone. This requires an internal vigilance model.”

It’s intriguing that the Red October attackers embodied the spirit of that quote in the design of their malware:

“Red October also has a “resurrection” module embedded as a plug-in in Adobe Reader and Microsoft Office applications. This module made it possible for attackers to regain control of a system even after the malware itself was discovered and removed from the system.”

This is pretty scary stuff but ingenious nonetheless. Organizations need to take heed and make sure they are doing absolutely everything they can to combat such attacks and to train users about the dangers of spear phishing.

[1] http://www.scmagazineuk.com/chinese-spears-attack-tibetan-activists/article/231923/

[2] http://www.wnd.com/2013/01/red-october-cyberattack-implodes/
