Lurid attack targets Government agencies
Trend uncovers a wide-ranging attack in which the hackers stole specific documents.


Another widespread Advanced Persistent Threat (APT) has been found controlling 1,365 computers in 61 different countries, focusing heavily on Government bodies.
The main targets were Russia, Kazakhstan and Vietnam, with the 47 victims identified coming from various organisations, including Government ministries and diplomatic bodies, Trend Micro said.
In some cases, the attackers attempted to steal specific documents and spreadsheets.
Russia was far and away the most targeted country, with 1,063 systems compromised.
Over 300 targeted attacks, hackers managed to have users install the Lurid Downloader malware, otherwise known as Enfal, on thousands of machines.
That malware has been used to target the US Government and non-governmental organisations, although this Lurid APT appears to have no relation to those attacks, Trend said.
This newly-uncovered series of attacks exploited a number of flaws in Adobe Reader. Once compromised, infected systems may have had their data stolen and sent to a C&C server over HTTP POST.
"Through communication with the command and control servers, the attackers are able to issue a variety of commands to the compromised computers," wrote David Sancho and Nart Villeneuve, Trend senior threat researchers, in a blog post.
"These commands allow the attackers to send and receive files as well as activate an interactive remote shell on compromised systems. The attackers typically retrieve directory listings from the compromised computers and steal data (such as specific .XLS files)."
Trend said it was difficult to ascertain who perpetrated the attacks, as it is easy to mislead researchers by manipulating sources, such as IP addresses.
"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," the Trend researchers added.
The security company's discovery comes after McAfee uncovered a similar APT. The Operation Shady RAT attacks lasted over five years and went after Governments as well as private businesses.
The security giant identified 72 of the compromised parties. Of those 72, 22 were Government organisations.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.