Defense contractors undergoing a continuous hacking campaign

When we talk about hacking many people will first think of the attacks from groups like Anonymous and LulzSec with their attacking the sites and databases of companies like VISA or PayPal; or even reports of Chinese backed hackers attacking US government sites.

However there is apparently another level of hack attacks going on against some 163 executives, including CEOs and presidents of some of the country’s largest defense contacting companies in the country.

The attacks seem to have started shortly have most of the targeted executives attended a recent Intelligence Advanced Research Projects Activity conference.

The whole thing was picked up thanks to an e-mail that was directed to Anup Ghosh, CEO of Invincea, by a friend in the industry. cited the exec:

“He said he has been a nonstop target of a lot of spear-phishing attempts, but this one was very compelling because it was purported to have names of attendees to a recent IARPA meeting,” Ghosh says. “It appears that the attackers sent the same email and malicious attachment to the other 163 event attendees, he says.”

The embedded URL in the message directed users to a ZIP file hosted on a subdomain that is connected to the legitimate research project site. However, what looks like a .XLS list of the attendees is actually an executable HTTP client.

The file was sent to ThreatGrid for analysis, and the firm laid out how the hackers would obtain access to sensitive data once an unsuspecting recipient unzips the file. The client connects to an external server, making it look like regular browser activity, and waits for the victim to reboot their machine. At that point the client reaches out to a control-and-command server and acts as Trojan that takes full control of the compromised computer.

via SiliconAngle