These websites are compromised in advance by the attackers and injected to serve malicious code. Watering holes are websites commonly visited by potential victims. The attackers use both direct spear-phishing e-mails and watering hole attacks to infect victims. Watering hole attacks that rely on social engineering to trick the user into running fake “Flash Player” malware installers.Watering hole attacks using Java exploits (CVE-2012-1723), Adobe Flash exploits (unknown) or Internet Explorer 6, 7, 8 exploits (unknown).
Social engineering to trick the user into running malware installers with “.SCR” extension, sometimes packed with RAR.The attacks detected in this operation fall into several different categories depending on the initial infection vector used in compromising the victim: In total, Kaspersky Lab experts counted several hundred victim IPs distributed in more than 45 countries, with France at the top of the list. Most of the victims are located in the Middle East and Europe, however, we observed victims in other regions as well, including in the USA. Targets of “Epic” belong to the following categories: government entities (Ministry of Interior, Ministry of Trade and Commerce, Ministry of Foreign/External affairs, intelligence agencies), embassies, military, research and education organizations and pharmaceutical companies. The latest Kaspersky Lab research on this operation reveals that Epic is the initial stage of the Turla victim infection mechanism. Turla, also known as Snake or Uroburos is one of the most sophisticated ongoing cyber-espionage campaigns. Virus Type: Advanced Persistent Threat (APT) What is Epic Turla?
0 kommentar(er)
