Article 5444A An advanced and unconventional hack is targeting industrial firms

by Dan Goodin, from Ars Technica - All content (#5444A)
Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target with pinpoint accuracy.

The attacks begin with emails that are customized for each target, a researcher at security firm Kaspersky Lab reported this week. For the exploit to trigger, the language in the email must match the localization of the target's operating system. For example, in the case of an attack on a Japanese company, the text of the email and an attached Microsoft Office document containing a malicious macro had to be written in Japanese. Also required: an encrypted malware module could be decrypted only when the OS had a Japanese localization as well.

Recipients who click on a request to urgently enable the document's active content will see no indication anything is amiss. Behind the scenes, however, a macro executes a PowerShell script. The reason it stays hidden: the command parameters:

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/