Member of UK Defense Ministry Hit By Phishing Attack

At a recent conference, the UK’s Defense Ministry revealed that one of its top officials was hit with a spear phishing attack in 2009 that was designed to steal classified documents and compromise the country’s national security.

Officials say the employee received an email with a suspicious attachment. Upon further investigation, it was discovered that the attachment contained a Trojan horse that was designed to search for and steal classified documents. The agency said it was the work of foreign intelligence and pointed the finger at China, blaming them for the attack. Fortunately the employee’s suspicions kept them from opening the malicious attachment.

Cyber espionage is not new but it is increasing. The most recent example was the Stuxnet worm, a highly sophisticated piece of malware that was designed to seek out and disrupt critical corporate and government infrastructure. The worm was so prevalent at one point that it nearly shut down the networks of several major companies and the IRS.

Spear phishing seems made for these kinds of attacks. Unlike regular phishing, which is blasted out to a wide audience in hopes that as many people as possible fall for it and give up their personal info, spear phishing attacks are specifically targeted toward a small group of people. The most popular targets are corporate CEOs and government officials. The goal is to steal confidential data and sensitive documents, not just financial data. The cybercrooks can sell the data and documents for a healthy profit. It hasn’t been proven just who was behind the Defense Ministry’s attack, but China is known for its cyberspying as well as for being one of the world’s top spamming countries.