Security company Rapid7 cautions that several cyber-espionage groups are exploiting the upcoming G20 Summit, hosted by Russia in September 2013, with a few already traced to China.
It may be noted that the G20 Summit is a leading forum for international collaboration on vital problems related to worldwide financial and economic programs.
As the date of this important event approaches, hackers are gradually increasing their G20-themed attacks, chiefly targeting individuals within financial institutions and government organizations.
One of these groups, called APT-12 or Calc Team, is understood to be associated with the recent hack of the New York Times (NYT); however, its attacks have been going on for a number of years, targeting defense contractors, financial institutions and government agencies.
The attackers rely on many separate documents in their campaigns; however, the malware used in each belongs to a common family, and every malware sample connects to the same Internet Protocol (IP) address for command-and-control. Each malware program consists of one Windows executable containing one Portable Document Format (PDF) file. When the executable is run, the PDF is displayed, distracting the user from the malware's installation, which happens unnoticed. The PDF file is in fact one among many documents on the G20.
Security researcher Claudio Guarnieri of Rapid7 remarks that both files are plainly executables camouflaged as PDF files. As always, no exploit is used in this case; the attacker clearly targets victims with social engineering tactics to make them open and run the malicious files. Threatpost.com published this on August 27, 2013.
Disturbingly, both .exe files deliver malicious software that is capable of reading the user's keystrokes and of downloading and running more malware.
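Because no exploit is involved, the delivery described above can be caught by checking what a file actually is rather than what it claims to be. The following triage check is an added example, not code from Rapid7 or from the article; the file names, the PDF-themed naming (how the files were named is not stated in the article) and the sample bytes are constructed assumptions.

```python
import struct

PDF_MAGIC = b"%PDF-"

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage(name: str, data: bytes) -> dict:
    """Compare the claimed type (name) with the real type (content)."""
    pe = is_pe(data)
    # Assumption: the lure carries a PDF-themed name such as 'x.pdf.exe'.
    pdf_name = ".pdf" in name.lower()
    # A PDF header inside an executable may be an embedded decoy document.
    pdf_offset = data.find(PDF_MAGIC, 1) if pe else -1
    if not pe:
        verdict = "not-executable"
    elif pdf_name:
        verdict = "executable-posing-as-pdf"
    elif pdf_offset > 0:
        verdict = "executable-with-embedded-pdf"
    else:
        verdict = "executable"
    return {"verdict": verdict, "embedded_pdf_offset": pdf_offset}

def build_constructed_sample() -> bytes:
    """Constructed stand-in for a dropper: a skeletal MZ/PE header
    followed by PDF bytes. It is not real malware and not runnable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + b"\0" * 64 + b"%PDF-1.4\n%%EOF\n"

if __name__ == "__main__":
    sample = build_constructed_sample()
    for fname, blob in [
        ("G20_briefing.pdf.exe", sample),       # hypothetical lure name
        ("update.exe", sample),                  # PE carrying a PDF
        ("agenda.pdf", b"%PDF-1.4\n%%EOF\n"),    # genuine PDF
    ]:
        print(fname, triage(fname, blob))
```

An embedded PDF alone is only a triage signal, since legitimate installers can also bundle documents.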
Guarnieri notes that, presuming the attribution to the Calc Team is correct, it is interesting that even after the prominent global exposure following the NYT incident, the hackers responsible for these attacks continue to operate, unaffected by the unexpected attention from the media and researchers. Softpedia.com published this on August 27, 2013.