On-Going Hacking Campaign against Defense Contractors Uncovered
Researchers from Invincea Labs and ThreatGrid discovered what seems like a cyber espionage campaign against some 163 key executives, including presidents and CEOs of key defense contractors, who attended a recent Intelligence Advanced Research Projects Activity event.
The whole thing was picked up thanks to an e-mail that was directed to Anup Ghosh, CEO of Invincea, by a friend in the industry.
DarkReading.com cited the exec:
“He said he has been a nonstop target of a lot of spear-phishing attempts, but this one was very compelling because it was purported to have names of attendees to a recent IARPA meeting,” Ghosh says. “It appears that the attackers sent the same email and malicious attachment to the other 163 event attendees,” he says.
The embedded URL in the message directed users to a ZIP file hosted on a subdomain connected to the legitimate research project site. However, what looks like an .XLS list of the attendees is actually an executable HTTP client.
The file was sent to ThreatGrid for analysis, and the firm laid out how the hackers would obtain access to sensitive data once an unsuspecting recipient unzips the file. The client connects to an external server, making the traffic look like regular browser activity, and waits for the victim to reboot the machine. At that point the client reaches out to a command-and-control server and acts as a Trojan that gives the attackers full control of the compromised computer.
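The attachment described above works because a file named like a spreadsheet is actually a Windows executable. A mail gateway or sandbox can catch that class of lure before anyone opens it by comparing each archive member's extension against its magic bytes. The following is an added example, not code from the article, Invincea or ThreatGrid; the archive contents, file names and the small signature table are constructed for illustration.

```python
import io
import zipfile

# Constructed table of well-known file headers (first bytes of the file).
SIGNATURES = {
    b"MZ": "pe-executable",                                # Windows PE/EXE
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-compound",   # legacy .xls/.doc
    b"PK\x03\x04": "zip-container",                        # .xlsx/.docx, plain zips
    b"%PDF": "pdf",
}

# What a gateway expects the content to be for a given document extension.
DOCUMENT_EXTENSIONS = {
    ".xls": "ole-compound",
    ".doc": "ole-compound",
    ".xlsx": "zip-container",
    ".docx": "zip-container",
    ".pdf": "pdf",
}

# Extensions that should never arrive inside a document attachment.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def identify(head: bytes) -> str:
    """Classify a file by its leading bytes; 'unknown' if no signature matches."""
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def inspect_archive(zip_bytes: bytes) -> list:
    """Return one finding per suspicious member: executable content hidden
    behind a document extension, or an outright executable extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            with zf.open(info) as member:
                kind = identify(member.read(16))
            reasons = []
            if kind == "pe-executable":
                reasons.append("executable content")
            expected = DOCUMENT_EXTENSIONS.get(ext)
            if expected and kind != expected:
                reasons.append(f"extension {ext} but content is {kind}")
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if reasons:
                findings.append({"name": name, "kind": kind, "reasons": reasons})
    return findings


def build_sample_archive() -> bytes:
    """Constructed ZIP mimicking the lure: an 'attendee list' that is really a
    PE stub, next to a genuine-looking spreadsheet and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IARPA_attendees.xls", b"MZ\x90\x00" + b"\x00" * 60)  # fake PE header
        zf.writestr("agenda.xls", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 60)
        zf.writestr("notes.txt", b"plain text, nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_archive(build_sample_archive()):
        print(f"{finding['name']}: {'; '.join(finding['reasons'])}")
```

Only the member whose extension and header disagree is reported; a real .xls and a harmless text file pass. Checking the header rather than trusting the name is the point: the lure in the article relied entirely on the recipient believing the extension.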
This is likely the same method, or at least one similar to it, that hackers used to obtain sensitive files from the Pentagon in an earlier breach, presumably via a defense contractor. That breach, too, may have been the result of an e-mail scam.
Defense contractors are a very big target for hackers, and this has been particularly evident lately. A separate case that involved the now-confirmed breach of EMC’s RSA security division led to attacks on two government contractors: Lockheed Martin and Northrop Grumman.
It now seems that the actual number of incidents is beginning to match the media hype, though the proper implementation of security measures is still lagging behind.