Kaspersky Lab recently reported on a new cyber-espionage weapon, MiniDuke, and there is good reason to call it a weapon. First, it was purpose-built for espionage: it is delivered through malicious PDF files that exploit a vulnerability in the widely used Adobe Reader, and once installed it exists only to gather data from the victim.
Second, it targets public institutions and governments. According to the report, state authorities in Belgium, Portugal, Ireland, Romania, Ukraine and the Czech Republic, research institutes and medical centres in the US, and educational centres in Hungary have already been hit.
Third, its purpose is to collect strategic insight and highly protected political information that bears on national security.
Kaspersky Lab reports that the most recent activity was detected two weeks before the report, on 20 February.
How does it work?
MiniDuke reaches its victims as malicious PDF files attached to spear-phishing e-mails. The documents are crafted to look unremarkable to the recipient, for example as material about human-rights events or NATO member states' economic plans.
When the PDF is opened, the exploit drops a small downloader (about 20 KB) on the victim's machine. The downloader computes a fingerprint of the system from a set of host properties and uses that value to encrypt its later communications with the operators, so that the traffic, and the payload it brings back, are tied to that one machine.
If the host meets the attackers' criteria, the downloader connects to Twitter and searches for tweets with specific tags posted by accounts the operators set up in advance. Those tweets carry encrypted URLs pointing to the command-and-control servers. If the Twitter accounts are not active, it falls back to Google searches to locate the encrypted URLs published by MiniDuke's operators. Once the infected machine reaches a server, it downloads further backdoors, encrypted and disguised as GIF image files. Installed backdoors can copy, move and delete files, create directories, kill processes, and download and execute new components, which also gives other malware a way onto the system. More technical detail is in Kaspersky Lab's report.
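The report says the backdoors arrive disguised as GIF files. A defender's check for that style of delivery, added here as an example (it is not code from the page or from Kaspersky Lab's analysis, and it does not reproduce MiniDuke's actual file format, which the page does not describe): walk the GIF block structure to the trailer byte and report whatever follows it, such as an appended PE header or a high-entropy blob that looks encrypted. The sample image and the appended payloads are constructed inline.

```python
import math
import struct

GIF_TRAILER = 0x3B


def _skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in a 0-length block."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def gif_trailer_offset(data):
    """Walk the GIF block structure and return the offset just past the trailer (0x3B)."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    _w, _h, flags, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
    pos = 13
    if flags & 0x80:                     # global colour table: 2^(n+1) entries of 3 bytes
        pos += 3 * (2 << (flags & 0x07))
    while True:
        if pos >= len(data):
            raise ValueError("truncated: no trailer found")
        introducer = data[pos]
        pos += 1
        if introducer == GIF_TRAILER:
            return pos
        if introducer == 0x21:           # extension: one label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif introducer == 0x2C:         # image descriptor
            _l, _t, _iw, _ih, iflags = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if iflags & 0x80:            # local colour table
                pos += 3 * (2 << (iflags & 0x07))
            pos += 1                     # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        else:
            raise ValueError(f"unexpected block introducer 0x{introducer:02x} at {pos - 1}")


def shannon_entropy(data):
    """Bits per byte: encrypted or compressed data sits near 8.0, text and code much lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_gif(data):
    """Report what follows the image: tail size, an MZ (PE) header, and tail entropy."""
    end = gif_trailer_offset(data)
    tail = data[end:]
    return {
        "trailer_offset": end,
        "trailing_bytes": len(tail),
        "mz_in_tail": tail[:2] == b"MZ" or b"MZ\x90\x00" in tail,
        "tail_entropy": shannon_entropy(tail),
    }


# Constructed samples: a valid 1x1 GIF, and the same image with fake payloads appended.
CLEAN_GIF = (
    b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00\x00\x00\xff\xff\xff"
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02" + b"\x02\x44\x01\x00" + b"\x3b"
)
FAKE_ENCRYPTED_PAYLOAD = bytes(range(256)) * 4     # uniform bytes, entropy exactly 8.0
SUSPECT_GIF = CLEAN_GIF + FAKE_ENCRYPTED_PAYLOAD
PE_IN_GIF = CLEAN_GIF + b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("suspect", SUSPECT_GIF), ("pe", PE_IN_GIF)):
        print(name, inspect_gif(blob))
```

The walker raises on a truncated or malformed file rather than guessing, which matters in a pipeline: a "GIF" that never reaches its trailer is itself worth flagging. Appended data is only one way to hide a payload in an image; data tucked inside comment extensions or colour tables would pass this check and needs a deeper parse.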
There is reason to believe the authors understand how antivirus and analysis tools work. Because the payload is encrypted with the host fingerprint, every sample is unique to the machine it runs on, and the backdoor itself is written in assembler, which keeps it small and lets it evade analysis tools. If it detects that it is being analysed, the backdoor stops its malicious activity and stays dormant rather than expose itself.
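Both the fingerprint-as-key step described above and the point that each sample is unique to its host come down to one technique: deriving the key from the machine so that the same blob only decrypts where it was meant to run. The example below is added here to show that mechanism in working code; it is not MiniDuke's implementation or anything from Kaspersky Lab's report. The host attribute list, the hypothetical values and the fixed nonce are constructed for the demo, and the cipher is an HMAC-SHA256 keystream with a separate HMAC tag, chosen so the example runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed host attributes standing in for what an implant would read from the OS
# (hostname, volume serial, MAC address and the like). Hypothetical field list and
# values; not MiniDuke's actual fingerprint inputs.
VICTIM_HOST = {"hostname": "ws-fin-07", "volume_serial": "5E1C-9A03", "mac": "00:1a:2b:3c:4d:5e"}
SANDBOX_HOST = {"hostname": "sandbox01", "volume_serial": "0000-0001", "mac": "08:00:27:aa:bb:cc"}
NONCE = bytes(range(16))   # fixed for a reproducible demo; a real system randomises it


def host_fingerprint(attrs):
    """Hash the host attributes in a fixed order; the digest is the per-machine secret."""
    material = "\x00".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
    return hashlib.sha256(material).digest()


def _derive_keys(fingerprint):
    """Separate encryption and MAC keys so the tag key is never the stream key."""
    enc_key = hashlib.sha256(b"enc|" + fingerprint).digest()
    mac_key = hashlib.sha256(b"mac|" + fingerprint).digest()
    return enc_key, mac_key


def _keystream(key, nonce, length):
    """CTR-style keystream built from HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(fingerprint, plaintext, nonce=NONCE):
    """Encrypt under the host-derived key and append an HMAC tag over nonce || ciphertext."""
    enc_key, mac_key = _derive_keys(fingerprint)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(fingerprint, blob):
    """Return the plaintext, or None when the tag fails (wrong host, or a tampered blob)."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(fingerprint)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo():
    """Seal a config on the victim host, then try to open it there and in a sandbox."""
    config = b"c2 locator config (constructed)"
    blob = seal(host_fingerprint(VICTIM_HOST), config)
    return {
        "on_victim": open_sealed(host_fingerprint(VICTIM_HOST), blob),
        "in_sandbox": open_sealed(host_fingerprint(SANDBOX_HOST), blob),
        "blob_len": len(blob),
    }


if __name__ == "__main__":
    print(demo())
```

The consequence for an analyst is the one the report implies: a sample pulled from one victim carries ciphertext keyed to that machine, so running it in a sandbox with different attributes yields nothing, and recovering the configuration means either reproducing the victim's attributes or extracting the key from memory on the original host.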
Eugene Kaspersky: “This is a very unusual cyber attack. I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.”