Hackers use Adobe to target European governments: experts
By Jim Finkle | February 28, 2013 4:28 AM EST
Hackers targeted dozens of computer systems at government agencies across Europe in a series of attacks that exploited a recently discovered security flaw in Adobe Systems Inc's software, security researchers reported on Wednesday.
Russia's Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania.
They also said a think tank, research institute and healthcare provider in the United States, a prominent research institute in Hungary and other entities in Belgium and Ukraine were among those targeted by the malicious software, which they have dubbed "MiniDuke".
The researchers, who declined to further elaborate on the victims' identities, released their findings as more than 20,000 security professionals gathered in San Francisco for the annual RSA conference.
The researchers suspect MiniDuke was designed for espionage, but were still trying to figure out the attack's ultimate goal. One researcher, Boldizsár Bencsáth, said he believed a country was behind the attack because of the level of sophistication and the identity of the targets, adding that it was difficult to identify which country was involved.
Bencsáth, a cyber security expert who runs the malware research team at CrySyS, told Reuters that he had reported the incident to NATO's Computer Incident Response Capability, a group that analyzes and responds to cyber threats. NATO officials declined comment.
The MiniDuke operators used an unusual approach to communicate with infected machines, according to the researchers. The virus was programmed to search for Tweets from specific Twitter accounts that contained instructions for controlling those PCs. In cases where they could not access those Tweets, the virus ran Google searches to receive its marching orders.
Officials with Twitter and Google could not immediately be reached. Adobe said the flaws in its Acrobat and Reader programs had been patched.
MiniDuke attacked its victims by exploiting recently discovered security bugs in Adobe's Reader and Acrobat software, according to the researchers. The attackers sent their targets PDF documents tainted with malware, an approach that hackers have long used to infect personal computers.
Adobe spokeswoman Heather Edell said that her firm issued a software update to Acrobat and Reader last week that, once installed, should protect customers from getting infected by MiniDuke.
Bencsáth said he believed the attackers installed "back doors" at dozens of organizations that would enable them to view information on those systems, then siphon off data they found interesting.
He said researchers have yet to uncover evidence that the operation had moved to the stage where operators had begun to exfiltrate data from their victims.
"This is a unique, fresh and very different type of attack," said Kurt Baumgartner, a senior security researcher with Kaspersky Lab. "The technical indicators show this is a new type of threat actor that hasn't been reported on before."
He said he would not speculate on who the hackers might be.
The MiniDuke hackers exploited security bugs in Reader and Acrobat software that were first identified two weeks ago by Silicon Valley security firm FireEye. The firm reported that hackers were infecting machines by circulating PDFs tainted with malicious software.
(Editing by Jeremy Laurence and Leslie Gevirtz)