Trend Micro researchers have found a targeted attack on government agencies in Asia and Europe. The email is sent from a Gmail account that supposedly belongs to the Chinese Ministry of National Defense.
The message reportedly contains a malicious attachment that exploits vulnerabilities in Microsoft Office which the company patched more than a year ago. The exploit affects all versions of Microsoft Office from Office 2003 to Office 2010 and installs a backdoor on the user's system. The malware steals login credentials for websites and email accounts. It also creates a dummy document that makes the user believe that nothing malicious is happening. Any stolen information is then uploaded to two IP addresses located in Hong Kong.
The targeted attacks were apparently aimed at personnel in Asian and European governments as well as Chinese media organizations. The message was sent to 16 officials in European countries, and its email text and attachments were chosen to be of interest to those personnel. The attack was aimed at organizations that use Internet Explorer and Outlook.
According to the company, "Trend Micro products detected the threat and have blocked the message and C&C servers. The company detected the malicious attachment as TROJ_DROPPER.IK. In addition, Deep Discovery was able to protect our customers by heuristically detecting the malicious attachment using the ATSE (Advanced Threats Scan Engine)."
Sharda Tickoo, PMM - Trend Micro India, stated, “The vulnerability used in this attack is one that is commonly used by targeted attacks. High-profile campaigns like Safe and Taidoor have made use of this vulnerability; if anything it’s a commonly targeted flaw in sophisticated campaigns.”