Diplo Internet Governance Community


Kaspersky Lab recently reported on a new cyber espionage weapon, MiniDuke, and there is good reason to call it a weapon. Firstly, the virus was designed specifically for malicious use: the program was created to gather data by exploiting the widely used Adobe Reader.

Secondly, it attacks public institutions and governments. According to the report, state authorities in Belgium, Portugal, Ireland, Romania, Ukraine and the Czech Republic, research institutes and medical centres in the US, and educational centres in Hungary have already fallen victim to the new virus.

Thirdly, the aim of MiniDuke is to collect or steal strategic insights and highly protected political information that bears directly on state security.

Kaspersky Lab reports that the most recent use of the virus was detected two weeks ago, on 20 February.

How does it work?

MiniDuke infects computers via malicious PDF files distributed through social networks. The content of these files was crafted to look entirely unsuspicious, e.g. information about human rights events, NATO member states’ economic plans, etc.

When the PDF is opened, a small file (only 20 KB in size) is loaded onto the victim’s computer. Using a set of mathematical calculations it derives the computer’s fingerprint, and it uses this data to encrypt its communications.

If the compromised system meets the prescribed requirements, MiniDuke accesses Twitter and searches for specific tweets and tags from pre-made accounts. These tweets contain encrypted URLs needed to reach the operators’ servers. If the Twitter accounts are not active, the virus falls back to Google search to find the encrypted URLs of MiniDuke’s operators. As soon as the infected system connects to the servers, it starts receiving encrypted backdoors hidden inside GIF files. Once installed, the backdoors can copy, remove and delete files, create databases, stop processes and download new ones. They may also open access for other viruses. More technical information can be found here.
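The two transport mechanisms described above, a booby-trapped PDF at the front door and an image file that carries more than pixels once the machine is talking to the operators’ servers, both leave traces that a mail gateway or a triage analyst can check for without any knowledge of the specific malware. The script below is an added example, not code from the post or from Kaspersky Lab, and the checks are generic: a walk of the GIF block structure that reports how many bytes sit after the image trailer (one way a picture can smuggle an appended blob; the post does not say how MiniDuke packed its GIFs, so this is an assumption about a common pattern, not its format), and a scan of a PDF’s raw bytes for active-content names such as /OpenAction and /JavaScript. The sample files are constructed inline and are not real MiniDuke artifacts.

```python
"""Attachment triage helpers: flag GIFs with data appended after the trailer
and PDFs that declare active content. Added example; generic checks, not the
formats actually used by MiniDuke."""
import re
import struct

GIF_TRAILER = 0x3B
GIF_EXTENSION = 0x21
GIF_IMAGE = 0x2C

# Names that make a PDF do something when opened; legitimate forms use some
# of them, so a hit means "sandbox it", not "it is malicious".
PDF_RISKY = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
             b"/EmbeddedFile", b"/RichMedia"]


def _skip_subblocks(data: bytes, pos: int) -> int:
    """Advance past a chain of GIF data sub-blocks (length byte + payload)
    and return the offset just after the 0x00 terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def gif_trailing_bytes(data: bytes) -> int:
    """Walk the GIF block structure and return how many bytes follow the
    trailer (0x3B). A well-formed image returns 0; a positive value means
    something was appended after the image ends."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    _w, _h, packed, _bg, _aspect = struct.unpack("<HHBBB", data[6:13])
    pos = 13
    if packed & 0x80:  # global colour table present: 3 * 2^(N+1) bytes
        pos += 3 * (2 ** ((packed & 0x07) + 1))
    while pos < len(data):
        block = data[pos]
        if block == GIF_TRAILER:
            return len(data) - (pos + 1)
        if block == GIF_EXTENSION:
            pos = _skip_subblocks(data, pos + 2)  # introducer + label byte
        elif block == GIF_IMAGE:
            img_packed = data[pos + 9]  # packed field of the image descriptor
            pos += 10
            if img_packed & 0x80:  # local colour table
                pos += 3 * (2 ** ((img_packed & 0x07) + 1))
            pos += 1  # LZW minimum code size
            pos = _skip_subblocks(data, pos)
        else:
            raise ValueError(f"unknown block 0x{block:02x} at offset {pos}")
    raise ValueError("no trailer found")


def pdf_risky_features(data: bytes) -> list:
    """Return the active-content names present in a PDF's raw bytes, in
    PDF_RISKY order. Compressed object streams can hide these names, so an
    empty result is not a clean bill of health."""
    found = []
    for name in PDF_RISKY:
        # exact name token: do not let /JS match /JSON or /AA match /AAB
        if re.search(rb"%s(?![A-Za-z])" % re.escape(name), data):
            found.append(name.decode())
    return found


def triage_attachment(data: bytes) -> list:
    """Sniff the real type from magic bytes (the file extension is untrusted)
    and run the matching check. Returns human-readable findings."""
    findings = []
    if data.startswith(b"%PDF"):
        for name in pdf_risky_features(data):
            findings.append(f"PDF uses active-content feature {name}")
    elif data[:6] in (b"GIF87a", b"GIF89a"):
        extra = gif_trailing_bytes(data)
        if extra:
            findings.append(f"GIF has {extra} bytes appended after the trailer")
    return findings


# Constructed sample inputs (not real artifacts): a 1x1 GIF, the same GIF
# with a blob appended, a plain PDF and a PDF that runs script on open.
CLEAN_GIF = (
    b"GIF89a" + b"\x01\x00\x01\x00" + b"\x80\x00\x00"    # 1x1, 2-colour GCT
    + b"\x00\x00\x00\xff\xff\xff"                          # colour table
    + b"\x2c" + b"\x00\x00\x00\x00\x01\x00\x01\x00\x00"    # image descriptor
    + b"\x02" + b"\x02\x44\x01" + b"\x00"                  # LZW data + end
    + b"\x3b"                                              # trailer
)
SMUGGLING_GIF = CLEAN_GIF + b"CONSTRUCTED-APPENDED-BLOB"
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"
DROPPER_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
               b"3 0 obj << /S /JavaScript /JS (placeholder) >> endobj\n%%EOF")

if __name__ == "__main__":
    for label, blob in [("clean gif", CLEAN_GIF), ("smuggling gif", SMUGGLING_GIF),
                        ("clean pdf", CLEAN_PDF), ("dropper pdf", DROPPER_PDF)]:
        print(label, triage_attachment(blob))
```

Neither check proves an attachment is hostile; together they answer the question Stephanie raises in the comments below, namely that staying away from .exe files is not enough, by looking at what a document or image actually contains rather than what its extension claims.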

There is reason to assume that MiniDuke’s authors are familiar with how antivirus software works. The virus is unique for each computer system and contains a backdoor (written in assembler) that allows it to evade system analysis tools. If the virus is detected, the backdoor stops its malicious activity and hides itself from the system.

Eugene Kaspersky: “This is a very unusual cyber attack. I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.”


Comment by Valerie on April 13, 2013 at 11:06pm

Stephanie, thank you for your comment. Indeed, it is absolutely not recommended to launch executable files, especially those received as mail attachments from an untrusted source. Now even simple .doc and .gif files can harbour micro viruses.

Apparently, state authorities are among the first victims in line, after perhaps banks and corporations. Cyber attacks against governmental websites are nothing new. Besides cyber espionage, as in the case of MiniDuke, governmental websites often become subject to shutdown or sabotage in response to certain state activities or policies. For instance, the American Department of Justice suffered a number of DDoS attacks after the passing of the notorious SOPA. Moreover, cyber attacks against state authorities’ websites or computer networks may constitute part of a military campaign. During the Russia‐Georgia war, Russia integrated cyber attacks as a separate element alongside the physical attacks against Georgia.

But that’s the topic for another blogpost :)

Comment by Stephanie on April 12, 2013 at 11:34am

Valerie, this does not come as a surprise, but is nonetheless worrying. The perception that staying away from .exe files is enough still lingers on. The fact that so much damage can take place without the user even realising is a concern. What is surprising is the number of state authorities that have fallen into the trap...
