Adobe flaw allows hackers in

2013-02-28 09:21
Kaspersky Lab does analysis of malware threats at its offices in Moscow. (Duncan Alfreds, News24)


San Francisco - Hackers targeted dozens of computer systems at government agencies across Europe through a flaw in Adobe Systems' software, security researchers said on Wednesday, while Nato said it too had been attacked.

The alliance said its systems had not been compromised, although it was sharing the details of the attack with Nato member states and remained vigilant. Security experts say governments and organisations such as Nato are attacked on a daily basis - although the sophistication varies wildly.

These particular attacks appeared both widespread and innovative, the private computer security firms announcing the discovery said, with one expert saying he believed a nation-state might be responsible.

Russia's Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania.

They also said a think tank, a research institute and a healthcare provider in the US, a prominent research institute in Hungary and other entities in Belgium and Ukraine were among those targeted by the malicious software, which they have dubbed "MiniDuke".

Adobe

The researchers suspect MiniDuke was designed for espionage, but were still trying to figure out the attack's ultimate goal.

"This is a unique, fresh and very different type of attack," said Kurt Baumgartner, a senior security researcher with Kaspersky Lab. "The technical indicators show this is a new type of threat actor that hasn't been reported on before."

He said he would not speculate on who the hackers might be.

The malware exploited a recently identified security flaw in Adobe's software. Adobe said a software patch issued last week should protect users from "MiniDuke", provided they downloaded it.

Boldizsár Bencsáth, a cyber security expert who runs the malware research team at CrySyS, said that he had reported the incident to Nato, although it was not clear if that was what first alerted the alliance.

Bencsáth said he believed a nation-state was behind the attack because of the level of sophistication and the identity of the targets, adding that it was difficult to identify which country was involved.

Exactly how serious the attacks were was not immediately clear, nor who exactly the targets were or at what level European governments were alerted.

The Czech counterintelligence agency BIS said it was not aware of any massive hacking attacks on Czech institutions from abroad recently.

Malware

The Czech National Security Bureau, responsible for government data, was not immediately available for comment. Neither were officials from other states said to be affected.

A Nato official in Brussels had earlier said the alliance was not directly hit, but he said later that he had been incorrect. He gave no further details.

The researchers, who declined to further elaborate on the targets' identities, released their findings as more than 20 000 security professionals gathered in San Francisco for the annual RSA conference.

MiniDuke attacked by exploiting recently discovered security bugs in Adobe's Reader and Acrobat software, according to the researchers. The attackers sent their targets PDF documents tainted with malware, an approach that hackers have long used to infect personal computers.

The bugs were first identified two weeks ago by Silicon Valley security firm FireEye. The firm reported that hackers were infecting machines by circulating PDFs tainted with malicious software.

The MiniDuke operators used an unusual approach to communicate with infected machines, according to the researchers. The virus was programmed to search for Tweets from specific Twitter accounts that contained instructions for controlling those personal computers. In cases where they could not access those Tweets, the virus ran Google searches to receive its marching orders.

Officials with Twitter and Google could not immediately be reached.

China

Bencsáth said he believed the attackers installed "back doors" at dozens of organisations that would enable them to view information on those systems, then siphon off data they found interesting.

He said researchers had yet to uncover evidence that the operation had moved to the stage where operators had begun to exfiltrate data from their victims.

Privately, many Western government and private sector computer experts say China is the clear leader when it comes to state-sponsored cyber attacks to steal information - although they rarely say so publicly and Beijing angrily denies it.

According to cyber security expert Alexander Klimburg at the Austrian Institute for International Affairs, however, the closest attack to this in style was a Trojan dubbed "TinBa" identified two months ago and used for banking fraud attacks. That was suspected to have been built by Russian hackers, he said, talking down the prospect of state involvement.

"There are some interesting aspects to the attacks," said Klimburg, pointing to the use of Twitter. "(But) most of the attack does not seem that new at all. Some of the... 'tricks', such as using pictures to hide data, are more reminiscent of proficient students rather than government agencies."
