[FSec] CosmicDuke and the latest political news

Newsfeed

Nachrichtenbote
After we had published the CosmicDuke report in July 2014, we continued to actively follow the malware. Today, we discovered two new samples that both leverage timely, political topics to deceive the recipient into opening the malicious document.

The first one discusses the Ukraine crisis and EU sanctions over Russia and the original document was published here less than a week ago

CosmicDuke_Ukraine_crisis_and_EU_sanctions_against_Russia_cropped.jpg


The topic of the second document is definitely focusing on current affairs: Scotland votes on independence today. The original article was published early this week. Here is the decoy document:

CosmicDuke_Scottish_vote_cropped.jpg


It is obvious that the attackers are keeping abreast of the latest political news, and they are very agile: they have the capability and capacity to rapidly utilize the information to increase the odds of social engineering.

If you are interested in learning more about CosmicDuke, these latest samples, as well as other interesting discoveries, will be discussed in detail at T2, an information security conference during October 23-24 in Helsinki, Finland.
On 18/09/14 At 09:13 PM

Weiterlesen...
 
Zurück
Oben