Login theft attacks targeted at European, Asian governments

Researchers are warning governments to ensure their systems are patched and up to date, following a targeted email attack that exploits an older vulnerability in Microsoft Office.

"Open the email attachment, Mr. Carver; Beijing disappears." Image: Trend Micro

Security firm Trend Micro is warning of a new targeted attack aimed at European and Asian governments that seeks to steal login account details from websites and email accounts.

In a blog post on Monday, the anti-malware vendor's researchers detailed a new "targeted attack" launched against governments in a number of countries.


The attachment exploits CVE-2012-0158, a vulnerability in the Windows common controls (MSCOMCTL.OCX) used by Office 2003 through Office 2010, which Microsoft patched in April 2012 (bulletin MS12-027). It allows the attacker to run code on the victim's machine if the user is duped into opening the attachment containing the malicious code.

"The attacker would have to convince the user to open the attachment in order to exploit the vulnerability," Microsoft said in the security advisory at the time.

If the attachment is opened, login credentials stored on the victim's computer are harvested and uploaded to two IP addresses, both located in Hong Kong, the firm said.
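The credential upload described above goes to bare IP addresses rather than hostnames, which is something a proxy or egress log can be checked for. The following triage script is an added example and is not Trend Micro's code or part of the original report: it scans constructed proxy log lines for two things, destinations matching a list of indicator IPs, and HTTP POSTs whose URL host is a literal IP address. The indicator addresses and log lines are placeholders drawn from the RFC 5737 documentation ranges; the real Hong Kong addresses are not given in the article.

```python
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Placeholder indicators standing in for the two Hong Kong C2 addresses
# reported by Trend Micro (the real ones are not in the article). These are
# TEST-NET-1 addresses and will never appear in production traffic.
IOC_IPS = {"192.0.2.10", "192.0.2.11"}

# Constructed proxy log, one request per line:
#   <epoch> <src_ip> <dst_ip> <method> <url> <bytes_sent_by_client>
SAMPLE_LOG = """\
1367222410.123 10.1.4.22 192.0.2.10 POST http://192.0.2.10/upload.php 4813
1367222415.456 10.1.4.22 198.51.100.7 GET http://198.51.100.7/ 302
1367222420.789 10.1.4.23 93.184.216.34 GET http://example.com/index.html 1542
1367222425.001 10.1.4.22 192.0.2.11 POST http://192.0.2.11/r 5120
1367222430.555 10.1.4.24 203.0.113.9 POST http://203.0.113.9/cgi-bin/in 9000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>\S+) (?P<url>\S+) (?P<bytes>\d+)$"
)


def host_is_bare_ip(url: str) -> bool:
    """True when the URL's host component is a literal IPv4/IPv6 address."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text: str, ioc_ips=IOC_IPS) -> List[Dict[str, object]]:
    """Return one alert per log line that matches an indicator or looks like
    a credential upload (POST straight to an IP with no hostname)."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        rec = m.groupdict()
        reasons = []
        if rec["dst"] in ioc_ips:
            reasons.append("destination matches known C2 indicator")
        if rec["method"] == "POST" and host_is_bare_ip(rec["url"]):
            reasons.append("POST to a bare IP (no hostname), consistent with credential upload")
        if reasons:
            alerts.append({
                "src": rec["src"],
                "dst": rec["dst"],
                "bytes_out": int(rec["bytes"]),
                "reasons": reasons,
            })
    return alerts


def hosts_to_isolate(alerts: List[Dict[str, object]]) -> List[str]:
    """Distinct internal source hosts that produced at least one alert."""
    return sorted({str(a["src"]) for a in alerts})


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG):
        print(f"{alert['src']} -> {alert['dst']} ({alert['bytes_out']} B): "
              + "; ".join(alert["reasons"]))
    print("isolate:", ", ".join(hosts_to_isolate(triage(SAMPLE_LOG))))
```

The indicator match is the high-confidence signal; the bare-IP POST heuristic is noisier but catches the same behaviour when the C2 address changes, so in practice it is worth routing to an analyst queue rather than blocking outright.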

A "dummy" Word document is opened to make the target believe that nothing untoward happened.

The malware-laden email was sent to at least 16 European government officials. Because the subject line and attached document are crafted to look genuine and relevant to the recipient, there is a greater risk that government machines will be infected with the backdoor.

Although the email claims to be from the Chinese Ministry of National Defense, Chinese media organizations were also targeted in the attack, making it difficult to identify the source of the malware.