Spear Phishing Campaign Targets Defense, Aerospace Industries
Spear fishing in the Peruvian Amazon.
CREDIT: Yuval Gelber/Released into public domain
High-level employees in the defense and aerospace industries are under siege from targeted, malicious emails posing as conference invitations.
In a joint warning issued by the security firms Seculert and Zscaler, researchers said the carefully crafted spear-phishing emails have landed in the inboxes of "several government-related organizations," including a U.S.-based global defense technology company. The warning said these fraudulent messages, initially spotted on Dec. 25, come from a source that has been carrying out similar attacks since 2009.
To lure in victims, and stay under the radar of network security software, the emails attempt to disguise themselves as Microsoft Windows Update requests. After inviting the target recipients to a "conference you may possibly be interested in" — examples include an IEEE aerospace conference and an Iraq peace conference — the emails direct readers to click on an attachment, which is actually a corrupt PDF that, when opened, exploits an Adobe Reader flaw.
This sets off a chain reaction, allowing the Trojan, dubbed "MSUpdater Trojan" and labeled "msupdater.exe," to effectively open a backdoor into infected systems, harvest the computer's data and connect to a remote server that can trigger the malware to execute further commands.
The researchers said, "If your organization encounters this type of advanced threat, it will most likely be persistent and bound to exist undetected for a long period of time in your network, as well as most probable to happen again in the future."
It's sound advice, considering that a bevy of government organizations, such as NASA, the U.S. Department of Justice, the Japanese parliament, the British Treasury, the CIA and FBI, as well as financial firms and defense contractors such as Lockheed Martin, have all had their websites or servers compromised in similar ways in just the past year.