We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Russia and allies targeted by huge malware campaign

Over 1,400 computers infected by document-stealing malware

Trend Micro has uncovered evidence of a major targeted malware attack that has managed to infect over 1,400 computers in Russia and its former Soviet satellite states.

After penetrating the command and control servers connected to a gang using the widely-circulating 'Lurid' downloader malware toolkit, the company discovered a list of 47 different victims, 1,465 infected PCs by IP address, across 61 different countries.

Overwhelmingly, the infected systems were in former Soviet republics, with Russia accounting for over a thousand, with smaller numbers in Kazakhstan, Ukraine, Uzbekistan, Belarus, Kyrgystan, plus some in other states such as Vietnam, India and China.

The breadth of the attack across this geographical region strongly suggests a targeted campaign as does the victim types identified which included "diplomatic missions, government ministries, space-related government agencies and other companies and research institutions."

Trend was not able to identify the organisation or state behind the attacks but the vector - exploiting a range of known software vulnerabilities for common apps such as Adobe's Reader - is identical to attacks that have been made public elsewhere in the world in recent times.

"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," said Trend's note on the discovery.

The use of the Lurid toolkit plus large numbers of old vulnerabilities puts the attacks in a less sophisticated category to the Night Dragon campaign uncovered by McAfee earlier this year which had used a mixture of zero-day malware and direct server hacking to target Western energy companies.


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model