Security researchers at Trend Micro have discovered a sophisticated ongoing series of targeted attacks, known as ‘LURID,’ that have compromised 1465 computers in 61 different countries, mostly in Russia and neighbouring countries.
Researchers wrote on a blog that LURID attacks targeted space-related government agencies, diplomatic missions, research institutions and companies.
Trend Micro researchers said, "We have been able to identify 47 victims including diplomatic missions, government ministries, space-related government agencies and other companies and research institutions."
The countries most impacted by this attack are Russia, Kazakhstan and Vietnam, along with numerous other countries – mainly in the CIS (Commonwealth Independent States – or former Soviet Union).
Hackers sent targeted e-mails to employees that were engineered to attack unpatched software and sought to steal spreadsheets, Word documents and other information.
The particular campaign comprised over 300 malicious, targeted attacks, monitored by the attackers using a unique identifier embedded in the associated malware.
"Our analysis of the campaigns reveals that attackers targeted communities in specific geographic locations as well as campaigns that targeted specific victims. In total, the attackers used a command and control network of 15 domain names associated with the attackers and 10 active IP addresses to maintain persistent control over the 1465 victims," said the researchers.
They added, "As is frequently the case, it is difficult to ascertain who is behind this series of attacks because it is easy to manipulate artifacts, e.g. IP addresses and domain name registration, in order to mislead researchers into believing that a particular entity is responsible.
"Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets."
