NATO has been targeted by malware hiding in Microsoft Word document targeted at member governments of the intergovernmental military alliance in order to carryout reconnaissance and analysis.
Cisco’s Talos security research team identified the malware, noting it had several unusual features, such as the ability to avoid sandbox detection, exploit Adobe Flash, and swap out the malware payload with junk data to overload the resource pools of simplistic security devices.
“The analysis of the Microsoft Office document shows an advanced workflow of infection. The purpose of the document is first to perform a reconnaissance of the victims in order to avoid communicating with sandbox systems or analyst virtual machines. Second, the Adobe Flash requests a payload and an Adobe Flash exploit which is loaded and executed on the fly,” the security researchers said.
“This approach is extremely clever, from the attacker point of view, the exploit is not embedded in the document making it more difficult to detect for some security devices than the standard word trojan.
“It’s important to note that the actor realised security researchers were poking around their infrastructure and then rigged the infrastructure to create resource issues for some security devices. These are the characteristics of reasonably advanced attackers who have designed an efficient minimalist framework that was able to adapt purposes on the fly.”
So far, it appears that no-one in NATO has fallen victim to that hack attack, but the sophistication of the malware indicates that it has come from a skilled hacker or hacker collective, potentially with the backing of a state sponsor. However, as it currently stands this is simply speculation.
With ransomware wreaking havoc in hotels and the return of the HummingBad malware, 2017 look set to be a year full of nasty cyber attacks waiting to catch out the unwary.
Are you a security pro? Try our quiz!
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…