The University of Toronto published today a great research paper on targeted attacks.

We've talked about targeted attacks for years. These cases usually go like this:
1. You receive a spoofed e-mail with an attachment
2. The e-mail appears to come from someone you know
3. The contents make sense and talk about real things (and in your language)
4. The attachment is a PDF, DOC, PPT or XLS
5. When you open up the attachment, you get a document on your screen that makes sense
6. But you also get exploited at the same time
7. The exploit drops a hidden remote access trojan, typically a Poison Ivy or Gh0st Rat variant
8. No one else got the e-mail but you
9. You work for a government, a defense contractor or an NGO
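A mail-gateway triage check built around the pattern in the list above, as an added example that is not part of the original post and not code from the researchers or from us. It uses only the Python standard library and a constructed sample message (not a real e-mail); the indicators it scores are the ones the list names: an envelope sender (Return-Path) whose domain differs from the displayed From address, a single recipient, and an attached PDF/DOC/PPT/XLS. The hypothetical `triage` and `indicator_count` helpers are assumptions, as is the `.invalid` domain in the sample.

```python
import email
import email.utils
import os
from email import policy

# Attachment types named in the post's description of targeted attacks.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".ppt", ".xls"}

# Constructed sample message (not a real e-mail): the displayed From is a known
# colleague, but the envelope sender is a different, unrelated domain.
SAMPLE_EMAIL = """\
Return-Path: <bounce@example-mailer.invalid>
From: "A Colleague" <colleague@example.org>
To: analyst@example.org
Subject: Updated meeting agenda
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Please see the attached agenda for tomorrow.

--BOUNDARY
Content-Type: application/pdf; name="agenda.pdf"
Content-Disposition: attachment; filename="agenda.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--BOUNDARY--
"""


def header_domain(msg, header):
    """Return the lower-cased domain of the address in a header ('' if absent)."""
    addr = email.utils.parseaddr(str(msg.get(header, "")))[1]
    return addr.rpartition("@")[2].lower()


def recipient_list(msg):
    """Collect every addr-spec found in the To and Cc headers."""
    recipients = []
    for hdr in ("To", "Cc"):
        if msg.get(hdr) is not None:
            recipients.extend(a.addr_spec for a in msg[hdr].addresses)
    return recipients


def document_attachments(msg):
    """Filenames of attachments whose extension is a common office document type."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in DOCUMENT_EXTENSIONS:
            names.append(name)
    return names


def triage(raw_message):
    """Score a raw RFC 822 message against the targeted-attack indicators."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = header_domain(msg, "From")
    envelope_domain = header_domain(msg, "Return-Path")
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        # Spoofing indicator: envelope sender does not match the displayed sender.
        "sender_mismatch": bool(envelope_domain) and from_domain != envelope_domain,
        # "No one else got the e-mail but you."
        "single_recipient": len(recipient_list(msg)) == 1,
        # "The attachment is a PDF, DOC, PPT or XLS."
        "document_attachments": document_attachments(msg),
    }


def indicator_count(report):
    """Number of indicators that fired; use as a simple score for manual review."""
    return (
        int(report["sender_mismatch"])
        + int(report["single_recipient"])
        + int(bool(report["document_attachments"]))
    )


if __name__ == "__main__":
    report = triage(SAMPLE_EMAIL)
    print(report)
    print("indicators fired:", indicator_count(report))
```

None of these indicators is conclusive on its own (legitimate mailing tools also rewrite Return-Path), which is why the block returns a score for a reviewer rather than a verdict; in practice the attachment itself would then go to a sandbox or a document parser for the exploit check.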
But the real news is that Greg Walton & co actually managed to get an inside view of some of the servers used in these spying attacks. This means they got to see what was being done with the infected machines and where in the world they were.

Click the image above to read John Markoff's article.
The release of the paper was synchronized with the New York Times article. University of Cambridge released a related research paper at the same time as well. The Cambridge paper goes all the way to point the finger directly at the Chinese Government. Most other parties, us included, have not made such direct accusations without concrete proof of government involvement.
For one reason or another, infowar-monitor.net has been down all day. So we've made a mirror of the research papers available here:
More resources: Here's a video that we posted earlier about targeted attacks: