Early last week we had a story on targeted attacks against military contractors using a malicious PDF disguised as a conference CFP. On Friday the threats continued with emails being sent to all 163 participants of a recent Intelligence Advanced Research Projects Activity (IARPA) event purporting to be a list of the attendees. This time it’s an email that provides a link to a booby-trapped ZIP file. Within the file is an Excel-looking document that’s actually an EXE. If run, you are p0wn3d and your computer is now the property of your friendly local Internet spy.
I’m probably preaching to the choir here but remember … NEVER click on links in emails. Instead, copy/paste the link into an unformatted Notepad window and examine it closely for suspicious formats. Next, submit it to a service like VirusTotal.com. They have a nice little “Submit a URL” tab just for situations like this. URLVoid.com is a similar service that I like to use as well. And if you get to the point of actually downloading the ZIP file, you can submit that to VirusTotal.com as well.
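One way to check a downloaded archive locally before opening anything in it, as an added example that is not from the original post: it reads a ZIP's members in memory and flags entries that are named like documents but are Windows executables. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from posixpath import basename, splitext

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}   # run on double-click in Windows
DOC_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".csv"}


def inspect_zip(data):
    """Map each suspicious member name to a list of reasons; nothing is written to disk."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            stem, ext = splitext(basename(info.filename))
            ext, inner = ext.lower(), splitext(stem.rstrip())[1].lower()
            try:
                with zf.open(info) as member:
                    is_pe = member.read(2) == b"MZ"    # DOS/PE executable magic bytes
            except RuntimeError:                         # encrypted member, no password given
                is_pe = False
                reasons.append("encrypted: content not inspected")
            if is_pe:
                reasons.append("PE header (Windows executable content)")
            if ext in EXEC_EXTS and inner in DOC_EXTS:
                reasons.append("document name with executable extension")
            elif is_pe and ext not in EXEC_EXTS:
                reasons.append("executable content under '%s' extension" % ext)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive: the 'MZ' stubs are padding, not real executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("attendees.xls.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("agenda.xls", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in inspect_zip(build_sample()).items():
        print(name, "->", "; ".join(why))
```

A clean result here only means no member matched these few checks; submitting the archive to a scanning service as described above still applies.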
The U.S. Defense industry once again is under siege by cyberspies in an attack that provides a link to a rigged spreadsheet containing a real list of high-level defense industry executives who attended a recent Intelligence Advanced Research Projects Activity (IARPA) event.
A Defense contractor friend of Anup Ghosh, CEO of Invincea, sent him a copy of a targeted yet suspicious email with the attachment he had received unsolicited. “He said he has been a nonstop target of a lot of spear-phishing attempts, but this one was very compelling because it was purported to have names of attendees to a recent IARPA meeting,” Ghosh says. It appears that the attackers sent the same email and malicious attachment to the other 163 event attendees, he says.
The embedded URL — which appears to be a subdomain of a domain that redirects to the legitimate research project website — provides a ZIP archive to the attendee roster, which includes the names of directors, presidents, and CEOs of major Defense and intelligence companies.