Login theft attacks targeted at European, Asian governments

Summary:Researchers warn governments to ensure their systems are patched and up-to-date, following an targeted email attack that exploits an older vulnerability on Microsoft Office.

"Open the email attachment, Mr. Carver; Beijing disappears." Image: Trend Micro

Security firm Trend Micro is warning of a new targeted attack aimed at European and Asian governments that seeks to steal login account details from websites and email accounts.

In a blog post on Monday, researchers at the security firm and anti-malware software maker detailed a new "targeted attack" launched against governments in a number of countries.

The attachment exploits CVE-2012-0158, a vulnerability in Office 2003 through to Office 2010 — patched by Microsoft in April 2012 — allowing the hacker to run remote code if the user was duped into opening the attachment containing the malicious code.

"The attacker would have to convince the user to open the attachment in order to exploit the vulnerability," Microsoft said in the security advisory at the time.

If the attachment is opened, login details from the victim's computer are stolen and uploaded to two IP addresses, both located in Hong Kong, the firm said.

A "dummy" Word document is opened to make the target believe that nothing untoward happened.

The malware-laden email message was sent to at least 16 European government officials. And, with a carefully crafted email subject and attached document that looks genuine and appealing to open by the recipient, there is a greater risk that government machines could become infected with the backdoor malware.

Though the email claims to be from the Chinese Ministry of National Defense, Chinese media organizations were also targeted in the attack — making it difficult to identify the source of the malware.

Topics: Security, Malware


Zack Whittaker is a writer-editor for ZDNet, and sister sites CNET and CBS News. He is based in the New York newsroom. His PGP key is: EB6CEEA5.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.