We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

Russia and allies targeted by huge malware campaign

Over 1,400 computers infected by document-stealing malware

Trend Micro has uncovered evidence of a major targeted malware attack that has managed to infect over 1,400 computers in Russia and its former Soviet satellite states.

After penetrating the command and control servers connected to a gang using the widely-circulating 'Lurid' downloader malware toolkit, the company discovered a list of 47 different victims, 1,465 infected PCs by IP address, across 61 different countries.

Overwhelmingly, the infected systems were in former Soviet republics, with Russia accounting for over a thousand, with smaller numbers in Kazakhstan, Ukraine, Uzbekistan, Belarus, Kyrgystan, plus some in other states such as Vietnam, India and China.

The breadth of the attack across this geographical region strongly suggests a targeted campaign as does the victim types identified which included "diplomatic missions, government ministries, space-related government agencies and other companies and research institutions."

Trend was not able to identify the organisation or state behind the attacks but the vector - exploiting a range of known software vulnerabilities for common apps such as Adobe's Reader - is identical to attacks that have been made public elsewhere in the world in recent times.

"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," said Trend's note on the discovery.

The use of the Lurid toolkit plus large numbers of old vulnerabilities puts the attacks in a less sophisticated category to the Night Dragon campaign uncovered by McAfee earlier this year which had used a mixture of zero-day malware and direct server hacking to target Western energy companies.


IDG UK Sites

OnePlus Two release date rumours: Something's happening on 22 July

IDG UK Sites

13in MacBook Air review, Apple's MacBook Air 2014 reviewed

IDG UK Sites

5 reasons to buy an electric car and 5 reasons not to

IDG UK Sites

Evernote Skitch: the best way for creatives to doodle feedback