MiniDuke Hackers Target European Government Through Adobe Reader Flaw
By David Gilbert | February 28, 2013 5:10 AM EST
Security researchers have uncovered highly sophisticated and targeted attack on the computer systems of almost 60 government and regulatory agencies in 23 countries.
The hackers have used a recently discovered zero-day vulnerability in Adobe Reader and Acrobat software to install backdoors on the compromised systems giving them unfettered access to sensitive information.
The discovery of the malware, dubbed MiniDuke, was made jointly by Russian security firm Kaspersky Labs and Hungary's Laboratory of Cryptography and System Security, or CrySyS as security professionals gathered in San Francisco for the annual RSA Conference.
According to the report, government computers in the Czech Republic, Ireland, Portugal and Romania had been compromised. The researchers also revealed that a think tank, research institute and healthcare provider in the United States were targets, along with a prominent research institute in Hungary and other entities in Belgium and Ukraine.
Oracle, the company which owns the Adobe software, has said the vulnerabilities have now been patched, and it urged any users who haven't updated their software to do so immediately.
While there is no concrete information about who is behind this latest cyber-espionage attack, one of the researchers involved in tracking the hackers believes a nation state was behind the attack.
Nation state attack
Boldizsár Bencsáth said he believed a country was behind the attack because of the level of sophistication and the identity of the targets, adding that it was difficult to identify which country was involved.
Bencsáth, a cyber security expert who runs the malware research team at CrySyS, told Reuters that he had reported the incident to NATO's Computer Incident Response Capability, a group that analyzes and responds to cyber threats. NATO officials declined comment.
The hackers used very sophisticated social engineering tactics in order to infect the computer systems.
Emails purporting to be from very reputable sources relating to such subjects as human rights seminar information (ASEM), Ukraine's foreign policy and NATO membership plans were sent with malicious PDF files attached.
Once these documents were opened, a small file is dropped onto the computer which opened a backdoor, allowing the hackers to communicate with the infected PC.
In a strange twist to this well-trodden path, the hackers used Twitter to send instructions to the infected PCs. The malware was programmed to search for specific Twitter accounts and if they failed to access these, they carried out a Google search to get the relevant information.
Kaspersky Labs have said the MiniDuke attackers are still active at this time and have created malware as recently as 20 February.
To contact the editor, e-mail: