Backdoors by way of Ichitaro exploit

Researchers at Symantec have uncovered the exploits of a cyberespionage group targeting organizations in Japan.

According to a Thursday blog post by the firm, malicious emails were used to spread backdoors Emdivi, Korplug and ZXshell to victims. Instead of simply including a link to compromised websites in phishing ruses, attackers used booby-trapped Ichitaro document files to spread malware.

That attack leverages a remote code execution vulnerability, CVE-2014-7247, in the widely used Ichitaro word processor, so that users running vulnerable versions of the software are exploited. The backdoors are all designed to “steal confidential information from the compromised computer,” Symantec said.

The cyberespionage campaign, “Operation CloudyOmega,” has been active since 2011 and its perpetrators have “communication channels with other notorious attack groups,” like Hidden Lynx, the firm noted. A patch for the zero-day vulnerability is now available.

Source: http://www.scmagazine.com/backdoors-delivered-to-japanese-orgs-by-way-of-ichitaro-exploit/article/383472/

International Institute of Cyber Security
