16 European officials have received the malicious messages

Jul 16, 2013 11:21 GMT

A new series of targeted attacks launched by cybercriminals, mainly against Asian and European government agencies, has been found to rely on bogus emails apparently coming from China’s Ministry of National Defense.

According to experts from Trend Micro, the emails come from a Gmail account and they carry a document that might seem to be of interest to the targets.

“We value your feedback very much and have carefully studied the suggestions and advices given back by the attaches and spouses in the feedback. China is still a developing country and we are ready to make progress together with our attaché friends in all the fields of our work,” read the malicious emails.

The document allegedly contains the “results of the evaluation.”

When the attached file is executed, a dummy document is displayed to avoid raising any suspicion. In the meantime, an old Microsoft Office vulnerability is exploited to drop a backdoor onto the targeted computer.

The vulnerability was patched by Microsoft over a year ago, but that hasn’t stopped cybercriminals from exploiting it in targeted attacks.

The backdoor is designed to steal login credentials for websites and email accounts from Internet Explorer and Microsoft Outlook. The stolen information is uploaded to a Hong Kong server.

Researchers say that the malicious emails have been sent to 16 European officials.

While it might appear that this is another cyber espionage campaign launched by China against its adversaries, it’s worth noting that the same attack has also targeted Chinese media organizations.

As far as the malware is concerned, BKDR_HGDER.IK has been mostly utilized in China and Taiwan. A small number of infections have been spotted in other Asian countries.