
Business Under Attack by New Cyber Espionage Campaign

Sep 21, 2012

The Counter Threat Unit (CTU) of Dell SecureWorks has uncovered a cyber espionage campaign targeting several companies, two of which are in the energy sector. The group, which has been tracking the campaign since April of this year, nicknamed it Mirage. The name was chosen because the campaign uses a RAT (remote access Trojan) named Mirage that is spread through spear-phishing emails. The CTU has identified the victims of the campaign as an energy firm in Canada, an oil company in the Philippines, a military organization in Taiwan and some still unidentified targets in Brazil, Nigeria, Egypt and Israel.


This new campaign is the second one that Dell SecureWorks has uncovered this year. The first, called Sin Digoo, targeted petroleum companies in Vietnam, government ministries in various countries, an embassy, a nuclear safety facility and other business groups. It is believed that both campaigns are the work of the same group, or that whoever is responsible for Mirage is working closely with the group behind Sin Digoo. The Mirage campaign uses three command and control (C&C) domain names owned by someone who has the same email addresses as the owner of the C&C domains used in the Sin Digoo campaign. The IP addresses of these C&C servers belong to the China Beijing Province Network, an outfit that is notorious for connections to malware and espionage.
