‘MiniDuke’ Attack from Nation State

Friday, March 1, 2013 @ 05:03 PM gHale


Romania believes another state was behind the “MiniDuke” cyber attack that hit its national security institutions as well as NATO and other European countries, its SRI secret service said.

While it blamed another country, it would not say which one.


Earlier this week, Russia’s Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security, or CrySyS, said the targets of the campaign included government computers in the Czech Republic, Ireland, Portugal and Romania.

They also said a think tank, research institute and healthcare provider in the United States were among those targeted by the malicious software, called “MiniDuke.”

NATO also confirmed it was a target, although the alliance said its computer systems did not suffer any issues.

“It is a cyber attack … pursued by an entity that has the characteristics of a state actor,” SRI spokesman Sorin Sava said.

“Our estimations show the attack is certainly relevant to Romania’s national security taking into account the profile of the compromised entities,” Sava said, adding private organizations were also a target.

One of the researchers involved in identifying the attack said earlier this week he also suspected a foreign government was involved, but did not say which. Romania is the first government to make such a suggestion.

The MiniDuke hackers attacked their victims by exploiting recently discovered security bugs in Adobe’s Reader and Acrobat software. They sent their targets PDF documents tainted with malware.

Adobe released a software patch to cover the flaw, and any users who had downloaded it would have some protection against “MiniDuke.” However, quite often users do not apply patches to their systems.

“This attack has a bigger impact because of its superior technological level that allows it to better conceal itself and take over control over a compromised network in order to extract information,” Sava said.


