Information Security News mailing list archives

New Targeted Attack Campaign Against Defense Contractors Under Way


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 25 Jul 2011 01:47:44 -0500 (CDT)

http://www.darkreading.com/security/attacks-breaches/231002455/new-targeted-attack-campaign-against-defense-contractors-underway.html

By Kelly Jackson Higgins
Dark Reading
July 22, 2011

The U.S. Defense industry once again is under siege by cyberspies in an attack that provides a link to a rigged spreadsheet containing a real list of high-level defense industry executives who attended a recent Intelligence Advanced Research Projects Activity (IARPA) event.

A Defense contractor friend of Anup Ghosh, CEO of Invincea, sent him a copy of a targeted yet suspicious email with the attachment he had received unsolicited. "He said he has been a nonstop target of a lot of spear-phishing attempts, but this one was very compelling because it was purported to have names of attendees to a recent IARPA meeting," Ghosh says. It appears that the attackers sent the same email and malicious attachment to the other 163 event attendees, he says.

The embedded URL -- which appears to be a subdomain of a domain that redirects to the legitimate research project website -- provides a ZIP archive to the attendee roster, which includes the names of directors, presidents, and CEOs of major Defense and intelligence companies.

"Unzipped, you see an XLS-looking file, but it's actually an executable," Ghosh says. "It extracts another custom program that's an HTTP client. This client beacons out to a server. You wouldn't notice it even if you were looking at your system process table: It looks like standard browser activity."

[...]
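An added example, not part of the Dark Reading article or the original post: a content-based check a mail gateway or analyst could run on a ZIP attachment to catch the case Ghosh describes, where an archive member looks like a spreadsheet but is an executable. The extension list, function names and the sample archive are constructed for illustration, and the check only recognizes Windows PE files by their header.

```python
import io
import struct
import zipfile

# Assumed, non-exhaustive list of extensions a recipient treats as documents.
DOCUMENT_EXTS = {"xls", "xlsx", "doc", "docx", "pdf", "ppt", "csv"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def masquerading_members(zip_bytes: bytes, head: int = 4096) -> list:
    """Return (name, reason) for archive members that are Windows executables by content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(head)  # header only, so a huge member is never fully inflated
            if not is_pe(data):
                continue
            exts = set(info.filename.lower().rsplit("/", 1)[-1].split(".")[1:])
            if exts & DOCUMENT_EXTS:
                reason = "executable content behind a document-style name"
            else:
                reason = "executable inside archive"
            findings.append((info.filename, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: a stub PE header under an .xls name, plus a text file."""
    stub_pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("attendee_roster.xls", stub_pe)  # constructed name, not from the article
        zf.writestr("agenda.txt", b"09:00 registration\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in masquerading_members(build_sample()):
        print(f"{name}: {reason}")
```

Because the decision is made on file content, it also flags double-extension names and members whose icon, rather than name, suggests a spreadsheet.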

