Skip to main content

Hackers launch targeted attacks on European and Asian governments

Hackers have launched a targeted attack against European and Asian government agencies in an attempt to steal login credentials for email accounts and websites through Microsoft Outlook and Internet Explorer.

The attack, uncovered by Internet security firm Trend Micro, was contained in an email claiming to be from the Chinese National Defense, but appears to have been sent from a Gmail account.

The email's malicious attachment is designed to exploit a vulnerability in Microsoft Office (CVE-2012-0158) which affected all versions between 2003 and 2010. The bug was identified and fixed over a year ago, but only if updates were installed.

According to Trend Micro researchers, the message was sent to 16 officials from European countries alone, as well as to Chinese media companies. Any stolen information as a result of the attack was sent to two IP addresses located in Hong Kong.

"The topic of the email – and the attached document – would be of interest to these targets. In addition, the information stolen and where it was stolen from – is very consistent with targeted attacks aimed at large organizations that use corporate mainstays like Internet Explorer and Outlook," reads a Trend Micro blog post which outlined the findings.

"The vulnerability used in this attack is one that is commonly used by targeted attacks. High-profile campaigns like Safe and Taidoor have made use of this vulnerability; if anything it's a commonly targeted flaw in sophisticated campaigns."

Image Credit: Trend Micro