

Hackers targeting governments with hijacked sites

21 Apr 2012

Malicious code planted within compromised pages has become the latest method for attackers targeting government organisations, according to research from security firm Zscaler.

The firm reported a number of government-affiliated sites that have been found to contain code that directs users to attack servers.

The most recent site to become infected was that of the French Budget Minister.

The site was found to contain obfuscated JavaScript code which sends the user to a third-party site and then attempts to exploit vulnerabilities and install malware on the targeted system.

The attack is the latest in what Zscaler sees as a string of site hijackings aimed at government-controlled domains. Researchers have noted previous attacks on systems in the US, Austria and Malaysia.

Zscaler chief executive Jay Chaudhry believes the attacks are not the work of profit-minded criminals looking to harvest bank details, but rather state-sponsored operations aimed at infecting government workers and other high-value targets.

"Most of the time when they go after a government site they are collecting specific pieces of information, a lot of these attacks are to steal state secrets," Chaudhry told V3.

"If they find the right users and figure out a way to infect them with a bot, they have a spy in place with a key target."

Previously, state-sponsored attacks relied on specially crafted email messages to put spyware tools on the systems of specific targets.

While those attacks have been used in certain advanced persistent threat operations, researchers see hijacked page attacks as more of a wide-ranging operation looking to net large numbers of accounts in hopes of infecting a few key systems.

Further adding to the danger of the attacks, said Zscaler security researcher Julien Sobrier, is the large number of sites and domains being run by most government programmes.

Sobrier told V3 that organisations often leave a few of their less popular sites and portals poorly maintained and protected, leaving a back door open for attackers.

"All of those subdomains can be used to infect the entire site," he explained, "but there may not be as much protection on many of them."

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
