G DATA : Operation TooHash: Asian cyber campaign targets companies

November 2014 by G DATA

Experts at G DATA SecurityLabs have discovered a spyware campaign. Operation TooHash is a targeted cyber attack on companies and organisations. The aim of the attack is to steal sensitive information from the targeted companies. Using a "spear-phishing" approach – a refined type of phishing with a targeted personal motive – the attackers have been sending out emails with infected Microsoft Office documents as attachments. Specially manipulated documents disguised as advertisements are thought to have been sent to the HR departments of the affected companies. The majority of files discovered have come from Taiwan. From analysing the characters, the security experts believe that the spyware has also been used on targets in other regions across China, as parts of the documents concerned have been written in simplified Chinese, which is primarily spoken on the Chinese mainland. G DATA security solutions detect the spyware as Win32.Trojan.Cohhoc.A and Win32.Trojan.DirectsX.A.

"The malware in the email attachment specifically exploits a vulnerability in Microsoft Office and downloads a remote access tool onto the compromised computer," explains Ralf Benzmüller, head of G DATA SecurityLabs. "In this campaign we have identified two different types of malware. Both contain established cyber espionage components such as automatic code execution, file listing, data theft, etc."

Servers control the infected computers

In the course of their analysis, the G DATA SecurityLabs experts have found over 75 control servers that are used to manage the infected PCs. The majority of the servers are located in Hong Kong and the USA. The administration console that the attackers use to control the infected computers is partly Chinese, partly English.

Data theft is a lucrative business

Valuable construction plans, customer data, business plans, emails and other sensitive corporate data are coveted stolen goods, especially in the business arena. Buyers of stolen data are often found quickly – competitor companies or secret services, for example. Data loss can mean commercial and financial ruin for the company concerned.

A comprehensive analysis of the spyware can be found in the G DATA SecurityBlog: https://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html

