Cybercrime research organisation ESET has revealed a hacking campaign which uses email attachments to steal sensitive information, particularly from smaller companies.
The country being targeted in particular is Pakistan, but the hacking campaign reportedly has spread on a global scale.
“We have identified several different documents that followed different themes likely to be enticing to the recipients. One of these is the Indian armed forces. We do not have precise information as to which individuals or organisations were really specifically targeted by these files, but based on our investigations, it is our assumption that people and institutions in Pakistan were targeted,” said Jean-Ian Boutin, malware researcher for ESET.
Hackers send PDF files and other document formats as email attachments that carry malware. When the unsuspecting victim opens the attachment, the malware is activated immediately and begins stealing sensitive information from the affected computer.
The information gathered by the malware is then sent to the hacker’s server without the victim’s knowledge. Other techniques were also used to steal sensitive information, such as taking screenshots, logging keystrokes and uploading documents to a hacker’s computer.
The hackers used a code signing certificate issued to what appears to be a legitimate company, and signed their malicious binaries with it, which increased the malware’s potential to spread. The company in question was reportedly based in New Delhi, India, and the certificate was issued in 2011.
“We’ve seen a shift from cyber attackers previously targeting purely larger organisations to now focussing on smaller, more localised attacks, as the lead time to discovery is longer and their potential gain is increased,” said Lee Bristow, a security consultant at ESET and member of the 4Di Group.
Bristow added: “This was evident in our own back yard recently with the SARS (South African Revenue Service) tax rebate spam scam. As an industry, we are going to have to think of innovative ways to combat the misconception that we are all safe online. We urge all corporate IT administrators to regularly review IT security policies and endpoint protection procedures.”