View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 27, 2013

Researchers identify new MiniDuke malware targeting European governments

MiniDuke targeted government computers in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland.

By CBR Staff Writer

Kaspersky Lab and Hungary’s CrySys Lab have identified new malware, known as MiniDuke, which is used to attack multiple government entities and institutions worldwide.

Researchers at Kaspersky Lab said MiniDuke targeted government computers in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland along with two think tanks, research institutes and healthcare providers in the US.

According to researchers, the new malicious programme combines sophisticated old school malware writing skills with new advanced exploits in Adobe Reader to collect geopolitical intelligence from high profile targets.

"This is a very unusual cyberattack. I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s," said Kaspersky Lab founder and CEO, Eugene Kaspersky.

"I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld.

"These elite, "old school" malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox-evading exploits to target government entities or research institutions in several countries."

Kaspersky said MiniDuke’s highly customised backdoor was written in Assembler and is very small in size at 20kb.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"The combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets is extremely dangerous," added Kaspersky.

Researchers said that MiniDuke attackers are still active and to compromise victims, the attackers use extremely effective social engineering techniques by sending malicious PDF documents to their targets.

According to researchers, the PDFs were highly relevant – with well-crafted content that fabricated human rights seminar information (ASEM) and Ukraine’s foreign policy along with NATO membership plans.

The malicious PDF files were then rigged with exploits attacking Adobe Reader versions 9, 10, and 11, bypassing its sandbox.

A toolkit was used to create these exploits and it appears to be the same toolkit that was used in the recent attack reported by FireEye, said researchers.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.