Targeted information stealing attacks in South Asia use email, signed binaries

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Targeted information stealing attacks in South Asia use email, signed binaries
Botnet HangOver
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-05-16
Editor/Conference ESET
Link http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/ (Archive copy)
Author Jean-Ian Boutin
Type Blogpost

Abstract

In the past few months, we have analyzed a targeted campaign that tries to steal sensitive information from different organizations throughout the world, but particularly in Pakistan. During the course of our investigations we uncovered several leads that indicate this threat has its origin in India and has been going on for at least two years. The journey began with a code-signing certificate and an exploit and the scope of the investigation has widened ever since. In this blog post, we will highlight several interesting artifacts of the campaign, but more will be revealed in my upcoming presentation at the 7th International CARO Workshop in mid-May.

Bibtex

 @misc{Boutin2013BFR1330,
   editor = {ESET},
   author = {Jean-Ian Boutin},
   title = {Targeted information stealing attacks in South Asia use email, signed binaries},
   date = {16},
   month = May,
   year = {2013},
   howpublished = {\url{http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/}},
 }