Apr 25, 2007
It seems that The Bad Guys (for some value of Bad Guys) are now carefully choosing their targets, and are also carefully choosing personnel who work at those targets and are e-mailing trojan horses, in the form of MS Office documents, to those people in the hope that they'll open the bad files and run the exploits. The nature of the payload isn't clear in the article - it sounds like the trojans open connections to systems that the attackers control, and the attackers tunnel back through into the target networks. The scary thing is that the targets include various federal agencies, defense contractors, and (it is said) a couple of nuclear power research facilities... moreover, the attacks are coming from overseas (no surprise, really), usually China or Taiwan. The attacks come at a rate of a couple per site per week - these guys are persistent, I'll give them that.
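The pattern described above (a document opened in an Office application, which then calls out to an attacker-controlled host) leaves a detectable trace on the endpoint: an Office process either making an outbound connection to a non-internal address or spawning a scripting shell. The following is an added example, not code from the original post, showing how a defender could turn that into two simple detection rules. It assumes endpoint telemetry arrives as one JSON object per line with the fields shown; the log lines are constructed for the example, and the addresses are documentation ranges, not real infrastructure.

```python
"""Flag Office processes that reach out to external addresses or spawn
shells. Assumed input format (not from the original post): one JSON
object per line, with 'event' set to 'net' (fields: image, dest_ip,
dest_port) or 'proc' (fields: parent_image, image), plus 'ts' and 'host'.
"""
import ipaddress
import json
from collections import Counter

# Office applications that render attacker-supplied documents.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Interpreters an exploited document commonly launches; Office itself has
# little legitimate reason to start any of these.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}

# Ranges treated as "internal". RFC 1918, loopback and link-local only, so
# that the constructed TEST-NET addresses below count as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample telemetry (hostnames, times and addresses are made up).
SAMPLE_LOG = """\
{"ts": "2007-04-20T09:12:01", "host": "ws-17", "event": "net", "image": "C:\\\\Program Files\\\\Office\\\\WINWORD.EXE", "dest_ip": "203.0.113.45", "dest_port": 443}
{"ts": "2007-04-20T09:12:02", "host": "ws-17", "event": "proc", "parent_image": "WINWORD.EXE", "image": "cmd.exe"}
{"ts": "2007-04-20T09:30:15", "host": "ws-03", "event": "net", "image": "winword.exe", "dest_ip": "10.1.2.3", "dest_port": 445}
{"ts": "2007-04-21T14:02:44", "host": "ws-22", "event": "net", "image": "excel.exe", "dest_ip": "198.51.100.7", "dest_port": 80}
{"ts": "2007-04-21T14:05:00", "host": "ws-22", "event": "proc", "parent_image": "explorer.exe", "image": "winword.exe"}
{"ts": "2007-04-22T08:00:00", "host": "ws-17", "event": "net", "image": "winword.exe", "dest_ip": "203.0.113.45", "dest_port": 443}
"""


def basename(image):
    """Normalise a Windows image path to its lower-case file name."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_external(ip):
    """True when the address is outside the ranges we consider internal."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_events(text):
    """Parse newline-delimited JSON into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_alerts(events):
    """Apply both rules and return one alert dict per matching event."""
    alerts = []
    for ev in events:
        image = basename(ev.get("image", ""))
        if ev["event"] == "net" and image in OFFICE_IMAGES \
                and is_external(ev["dest_ip"]):
            alerts.append({"rule": "office-outbound", "host": ev["host"],
                           "ts": ev["ts"], "detail": f"{image} -> "
                           f"{ev['dest_ip']}:{ev['dest_port']}"})
        elif ev["event"] == "proc" \
                and basename(ev.get("parent_image", "")) in OFFICE_IMAGES \
                and image in SHELL_IMAGES:
            alerts.append({"rule": "office-spawns-shell", "host": ev["host"],
                           "ts": ev["ts"], "detail": f"{basename(ev['parent_image'])} "
                           f"spawned {image}"})
    return alerts


def alerts_per_host(alerts):
    """Count alerts by host; repeat hits on one workstation suggest the
    persistent, targeted campaign the post describes rather than a one-off."""
    return Counter(a["host"] for a in alerts)


if __name__ == "__main__":
    found = find_alerts(parse_events(SAMPLE_LOG))
    for a in found:
        print(f"{a['ts']} {a['host']} [{a['rule']}] {a['detail']}")
    print("per host:", dict(alerts_per_host(found)))
```

The internal-address check deliberately does not use `ipaddress.is_private`, which also classifies the RFC 5737 documentation ranges used in the sample as non-global; in production the list would instead be the organisation's own address space and its known SharePoint or file-server destinations, which is where the false-positive tuning for this rule normally happens.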
While this isn't a 0-day technique (the theory's been around for years), this is the first time that it's been recorded as happening as part of a planned, deliberate attack against a major site. Usually you hear about it being part of a last-ditch attack against a small company, sometimes in the guise of what might be considered industrial espionage.