by Alastair Stevenson
28 Feb 2013
The MiniDuke cyber spying tool managed to infect UK networks, according to new information from Kaspersky Labs.
Kaspersky Labs chief security expert Aleks Gostev told V3 that the UK was on the malware's laundry list of victims.
"More than 23 countries are affected and the UK is one of them. We shared all the information we have with national CERTs so that they could continue their own investigations," Gostev told V3.
However, as the UK has no CERT team as yet it is unclear which authority was contacted about the attack. V3 has asked for more information.
MiniDuke is a cyber espionage tool discovered by Kaspersky and CrySyS Lab that targets government and critical infrastructure systems using malicious PDF documents.
"The attackers would have sent PDF files via email with subject headings including 'human rights seminar' or 'membership plans' which the users would be tempted to open. These files were the carriers of the malware which would then take over the machine," explained Gostev.
The security chief said that the attack has several atypical features that indicate it may have been made by a veteran team of hackers.
"MiniDuke is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor," said Gostev.
"The backdoor is written in 'old school' assembly code and is tiny by current malware standards - only 20KB in size. This is most unusual for modern malware, which can be several megabytes in size."
MiniDuke is one of many espionage tools discovered by Kaspersky, which over the last year has helped unearth the hyper-sophisticated Flame and Red October campaigns.
Red October was a global cyber campaign caught targeting numerous European government institutions in January 2013. It is believed to have been created by a criminal group.
Flame was unearthed targeting Iranian government networks midway through 2012. The malware is believed to be state made, possibly by the US and Israel.
Gostev said that while MiniDuke is sophisticated it is not currently believed to be linked to either of these campaigns.
"Some of the elements remind us of cyber-espionage tools such as Duqu or Red October, such as the minimalistic approach, hacked servers, encrypted channels and also the typology of the victims," said Gostev.
"The amount of high profile victims in this attack is also notable and puts it on the same level with other advanced campaigns such as Red October.
"However, it is not related to any known platforms used in cyber-espionage campaigns such as 'Tilded' platform in case of Stuxnet and Duqu or Flame platform."
The attack is just the latest to be uncovered after a raft of attacks on western organisations that are believed to have emanated from China.