Near the end of November, Microsoft issued a security advisory about a zero-day vulnerability that affects older versions of the Windows operating system which was being leveraged by a malicious PDF file to deliver a backdoor payload onto targeted systems.
According to researchers examining the malware, “the backdoor is noteworthy for its use of multiple anti-analysis techniques that aren’t typically used together,” including the ability to hide from debuggers, leading the researchers to believe the attack may have been state-sponsored.
Further analysis of the attacks has revealed that the exploit was delivered in a targeted phishing campaign: malicious emails, sent to more than two dozen embassies in the Middle East, carried the exploit as an attachment under a subject line that referred to the unrest in Syria.
“Whoever was responsible for this attack had the means, motivation and opportunity to carry out a targeted attack across multiple targets. This suggests a level of organization and available resources beyond ordinary cybercriminals,” the researchers stated.
“Beyond that, we are unable to draw any other conclusions. We do not know if the embassies were indeed affected by the malware mentioned or if there are other sets of targets, only that the samples received strongly suggest that the embassies were the intended recipients.”
The full extent of the infections that resulted from the attacks is as yet unknown or undisclosed, and the advanced evasion capabilities of the malware will make the task of attribution that much more difficult.