Trend Micro has uncovered evidence of a major targeted malware attack that has managed to infect over 1,400 computers in Russia and its former Soviet satellite states.
After penetrating the command and control servers connected to a gang using the widely-circulating ‘Lurid’ downloader malware toolkit, the company discovered a list of 47 different victims, 1,465 infected PCs by IP address, across 61 different countries.
Overwhelmingly, the infected systems were in former Soviet republics, with Russia accounting for over a thousand, with smaller numbers in Kazakhstan, Ukraine, Uzbekistan, Belarus, Kyrgystan, plus some in other states such as Vietnam, India and China.
The breadth of the attack across this geographical region strongly suggests a targeted campaign as does the victim types identified which included “diplomatic missions, government ministries, space-related government agencies and other companies and research institutions.”
Trend was not able to identify the organisation or state behind the attacks but the vector – exploiting a range of known software vulnerabilities for common apps such as Adobe’s Reader – is identical to attacks that have been made public elsewhere in the world in recent times.
“Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets,” said Trend’s note on the discovery.
The use of the Lurid toolkit plus large numbers of old vulnerabilities puts the attacks in a less sophisticated category to the Night Dragon campaign uncovered by McAfee earlier this year which had used a mixture of zero-day malware and direct server hacking to target Western energy companies.