The Counter Threat Unit (CTU) of Dell SecureWorks has uncovered a cyber espionage campaign targeting several companies, two of which are in the energy sector. The group, which has been tracking the campaign since April of this year, nicknamed it Mirage. The name was chosen because the campaign uses a RAT (remote access Trojan) named Mirage that is spread through spearphishing emails. The CTU has identified the victims of the campaign as an energy firm in Canada, an oil company in the Philippines, a military organization in Taiwan and some still unidentified targets in Brazil, Nigeria, Egypt and Israel.
This new campaign is the second one that Dell SecureWorks has uncovered this year. The first, called Sin Digoo, targeted petroleum companies in Vietnam, government ministries in various countries, an embassy, a nuclear safety facility and other business groups. It is believed that both campaigns are the work of the same group, or that whoever is responsible for Mirage is working closely with the group behind Sin Digoo. The Mirage campaign is run from three command and control (C&C) domain names owned by someone who has the same email addresses as the owner of the C&C domains used in the Sin Digoo campaign. The IP addresses of these C&Cs belong to the China Beijing Province Network, an outfit that is notorious for connections to malware and espionage.