

MiniDuke malware infiltrated UK networks, confirms Kaspersky

28 Feb 2013

The MiniDuke cyber spying tool managed to infect UK networks, according to new information from Kaspersky Labs.

Kaspersky Labs chief security expert Aleks Gostev told V3 that the UK was on the malware's laundry list of victims.

"More than 23 countries are affected and the UK is one of them. We shared all the information we have with national CERTs so that they could continue their own investigations," Gostev told V3.

However, as the UK has no CERT team as yet it is unclear which authority was contacted about the attack. V3 has asked for more information.

MiniDuke is a cyber-espionage tool, discovered by Kaspersky and CrySyS Lab, that targets government and critical infrastructure systems using malicious PDF documents.

"The attackers would have sent PDF files via email with subject headings including 'human rights seminar' or 'membership plans' which the users would be tempted to open. These files were the carriers of the malware which would then take over the machine," explained Gostev.

The security chief said that the attack has several atypical features that indicate it may have been made by a veteran team of hackers.

"MiniDuke is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor," said Gostev.

"The backdoor is written in 'old school' assembly code and is tiny by current malware standards - only 20KB in size. This is most unusual for modern malware, which can be several megabytes in size."

MiniDuke is one of many espionage tools discovered by Kaspersky, which over the last year has helped unearth the hyper-sophisticated Flame and Red October campaigns.

Red October was a global cyber campaign caught targeting numerous European government institutions in January 2013. It is believed to have been created by a criminal group.

Flame was unearthed targeting Iranian government networks midway through 2012. The malware is believed to be state made, possibly by the US and Israel.

Gostev said that while MiniDuke is sophisticated it is not currently believed to be linked to either of these campaigns.

"Some of the elements remind us of cyber-espionage tools such as Duqu or Red October, such as the minimalistic approach, hacked servers, encrypted channels and also the typology of the victims," said Gostev.

"The amount of high profile victims in this attack is also notable and puts it on the same level with other advanced campaigns such as Red October.

"However, it is not related to any known platforms used in cyber-espionage campaigns such as 'Tilded' platform in case of Stuxnet and Duqu or Flame platform."

The attack is just the latest to be uncovered after a raft of attacks on western organisations that are believed to have emanated from China.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
