[ISN] Cyber espionage campaign targets energy companies

From: InfoSec News <alerts_at_private>
Date: Mon, 24 Sep 2012 03:28:50 -0500 (CDT)
http://www.computerworld.com/s/article/9231596/Cyber_espionage_campaign_targets_energy_companies

By Jaikumar Vijayan
Computerworld
September 21, 2012

Hackers using a Remote Access Trojan (RAT) named Mirage have been 
engaged in a systematic cyber espionage campaign against a Canadian 
energy company, a large oil firm in the Philippines and several other 
entities since at least this April, Dell's SecureWorks Counter Threat 
Unit says.

The campaign is the second one targeted at oil companies to be 
discovered by SecureWorks this year. In February, researchers at the 
firm discovered attackers using remote access tools similar to Mirage to 
target several oil companies in Vietnam. That campaign also targeted 
government agencies in several countries, an embassy, a nuclear safety 
agency and multiple business groups, according to SecureWorks.

The domains for three of the command and control (C&C) servers used to 
control Mirage and for several of the C&C servers used in the February 
campaign, appear to belong to the same individual or group of 
individuals, SecureWorks said.

Also noteworthy is the fact that the IP addresses for the command and 
control servers used for Mirage and in the February campaign belong to 
China's Beijing Province Network. The same network was also implicated 
in last year's attacks on security vendor RSA that resulted in the theft 
of confidential information related to the company's SecurID two-factor 
authentication technology.

[...]


--
ExpandingSecurity.com Live OnLine classes won&#8217;t wreck your schedule.
Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts
Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1:
CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
ISSAP info signup: http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/ 
Received on Mon Sep 24 2012 - 01:28:50 PDT

This archive was generated by hypermail 2.2.0 : Mon Sep 24 2012 - 01:25:21 PDT