fireeye-operation-saffron-rose

0xtyler

Attack Vectors

We have observed the Ajax Security Team use a variety of vectors to lure targets into installing malicious software and/or revealing login credentials. These attack vectors include sending email, private messages via social media, fake login pages, and the propagation of anti-censorship software that has been infected with malware.

Spear phishing

During our investigation, we discovered that these attackers sent targeted emails, as well as private messages through social media. For example, the attackers targeted companies in the DIB using a fake conference page as a lure to trick targets into installing malicious software. The attackers registered the domain “aeroconf2014[.]org” in order to impersonate the IEEE Aerospace conference—the conference’s actual domain is aeroconf.org—and sent out an email with the following information:

From: invite@aeroconf2014[.]org
Subject: IEEE Aerospace Conference 2014

The email encouraged users to visit a fake conference website owned by the attackers:

Figure 1: The Fake IEEE Aerospace Conference Website

Upon visiting the website, visitors were notified that they must install “proxy” software in order to access it; this software is actually malware.

FireEye, Inc. Operation Saffron Rose 4
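The lookalike sender domain described above can be caught at the mail gateway. The following is an added detection sketch, not code from the FireEye report: the `PROTECTED` list, the function names and the naive second-level-label split (no public-suffix handling) are assumptions, and the sample message is constructed from the two header lines quoted above.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organisation legitimately expects mail from.
PROTECTED = {"aeroconf.org"}

def refang(text):
    """Undo the [.] defanging used in reports so the domain can be parsed."""
    return text.replace("[.]", ".")

def registrable_label(domain):
    """Naive second-level label (assumes a single-label TLD such as .org)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(domain, protected=PROTECTED):
    """Return 'legitimate', 'lookalike:<reason>' or 'unknown' for a sender domain."""
    domain = refang(domain).lower().rstrip(".")
    for good in protected:
        if domain == good or domain.endswith("." + good):
            return "legitimate"
    label = registrable_label(domain)
    for good in protected:
        good_label = registrable_label(good)
        if good_label in label:                      # e.g. brand label plus a year
            return "lookalike:embeds-" + good_label
        if edit_distance(label, good_label) <= 2:    # e.g. swapped or replaced letter
            return "lookalike:near-" + good_label
    return "unknown"

def check_message(raw):
    """Classify the From: domain of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(refang(msg.get("From", "")))
    return classify_sender(addr.rpartition("@")[2])

# Constructed sample built from the header lines quoted in the report.
SAMPLE = ("From: invite@aeroconf2014[.]org\n"
          "Subject: IEEE Aerospace Conference 2014\n\n(constructed body)\n")
```
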
