Spearphishing Attack Spoofs Mandiant Report

Sue Marquette Poremba

Talk about a game of cat and mouse.

Earlier this week, Mandiant released a report that called out the Chinese for hacking into U.S. entities. Last night, I found out that the Mandiant report is now being used as bait in at least two different spearphishing campaigns. According to the Kaspersky Lab ThreatPost:

The first phishing attacks are using a file named "Mandiant_APT2_Report.pdf", a slight variation of the real report name, which uses the APT1 moniker that the computer security firm applies to the specific crew of Chinese attackers discussed in the document. The other spear-phishing attack is using a document named "Mandiant.pdf" as its bait, and the malware used in that attack calls back to a C&C server based in Korea, also at a dynamic DNS provider.

Both variations appear to exploit a vulnerability in Adobe Reader. The first attack targets an older vulnerability, while the second one exploits the newest vulnerability, the one addressed by the latest patch release.


According to Seculert, the first attack appears to be coming from Korea and is targeting Japanese entities. The second attack appears to be a little murkier in its origins and target. In any case, the attacks don’t seem to be originating from the same location or group, but, as the Seculert blog pointed out, it does seem a little odd that the two very similar attacks were released on the same day.

This was an unusually high-profile security report, with a lot of interest. That spearphishing attacks would be developed – and rather quickly – isn’t too surprising. I wouldn’t be shocked to find more instances of spearphishing that use this report. However, I do see this as a growing problem. As cybersecurity becomes more of a focus for the nation, as ordinary people want to learn more about these attacks or companies do more to alert their employees to the dangers of cybersecurity, the bad guys will use these reports and concerns as a way to generate new attacks.


