Cyber espionage campaigns are not limited to government and military organizations; they also draw in private firms. More often than not, the perpetrators are business rivals or disgruntled employees.
At Quick Heal, we have observed a targeted attack on an online marketing firm (name withheld to protect privacy) that caters to small businesses in the U.S.
The attack began in March 2016. To target this firm, the attacker gathered the following information:
- Functionality of the company
- Names, email IDs, and designations of employees
- The company’s recruitment needs
The main source of all such information turned out to be social networking sites and the company’s website.
After gathering all the required information, the attacker crafted malicious Microsoft Office document files containing macros. These documents were sent as spear phishing emails to previously profiled employees. The attacker first tried to convince the target that they were not a spammer by sending text-only emails without any attachments. The content of these emails was related to the targeted employee of the company. The attacker then crafted a document containing information about the target company. When the victim opened the document, their system was compromised and then used to collect confidential business data.
In this report, we will see how exactly the attacker carried out this targeted attack, followed by an analysis of the components used in the attack.
Download the PDF to read the report:
Security measures to take against spear phishing emails:
- Do not respond to emails and attachments from unknown, unwanted or unsolicited sources.
- Apply all recommended security patches for the operating system, Microsoft Office, Adobe Reader, Java and other programs/applications.
- Keep the macro execution option disabled in Microsoft Office, as attackers are increasingly using macro-based malware.
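Because the documents in this attack carried macros, a mail gateway or analyst can flag macro-bearing attachments before they reach a user. The following is an added example, not part of the original report: the function names and sample attachments are constructed for illustration, and the check for legacy OLE files is a byte-pattern heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls/.ppt container
VBA_OLE_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream name present in a VBA project


def macro_verdict(data: bytes) -> str:
    """Classify attachment bytes as 'macro', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: OLE2 directory entry names are stored as UTF-16LE text.
        return "macro" if VBA_OLE_MARKER in data else "no-macro"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"  # a ZIP archive, but not an OOXML package
        # OOXML documents keep their VBA code in a vbaProject.bin part.
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "macro" if has_vba else "no-macro"
    return "not-office"


def _ooxml(parts):
    """Build a constructed OOXML-like package in memory (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ["[Content_Types].xml", *parts]:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()


# Constructed samples, not real documents: attachment name -> bytes
SAMPLES = {
    "resume.docx": _ooxml(["word/document.xml"]),
    "company_profile.docm": _ooxml(["word/document.xml", "word/vbaProject.bin"]),
    "invoice.doc": OLE_MAGIC + b"\x00" * 64 + VBA_OLE_MARKER,
    "notes.txt": b"plain text",
}


def triage(samples):
    """Return a verdict per attachment, based on content rather than extension."""
    return {name: macro_verdict(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:24} {verdict}")
```

Password-encrypted Office files are stored as OLE containers whose contents cannot be inspected this way, so a gateway should handle them under a separate rule.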
Subject Matter Expert
• Sagar Daundkar