Government Agencies Targeted in New Spear Phishing Attack

Written by Sue Walsh on July 15, 2013

phishing

A new spear phishing scam has been unleashed on government agencies, using the recent PRISM scandal to try and lure victims in. The emails claim to have documents about the program and provide them as two pdfs and a .jar file. While the pdfs are harmless, the .jar file is a remote administration tool that lets the cybercriminals behind it take control of any computer. It infects. Since the attack is aimed at government agencies that means the hackers can potentially access all kinds of confidential, classified and sensitive data.

 ”The RAT can target not only Windows, but also Linux, Mac OS X, FreeBSD, OpenBSD, and Solaris (although we have not verified or observed the threat working on all of these operating systems),” the researchers pointed out, adding that “the threat has a builder tool that allows you to build your own customized versions of the RAT. The attack has been simplified as it does not involve the use of an exploit, nor an executable shellcode/payload, but simply relies on a Java applet. In fact, not only has the attack been simplified, but it has also become more stable and more virulent, it is a big upgrade!”

Sorry Apple fans, but that means even computers running OS X can be infected by this malware. Apple isn’t the virus free oasis it once was. Now that Apple computers are as popular as PCs, hackers have begun setting their sites on them. There was never anything particularly special about them that made them virus free except for their unpopularity. Hackers saw no reason to put the effort into infecting an OS only a minority used. These days, that’s changed. We are now entering a time when no OS, desktop or mobile, will be safe from malicious spam attacks. Fasten your seat belts because spear phishing and malicious spam attacks are only going to get worse.

Comments

Albert July 28, 2013

Well, hello, realization. That somehow evens out the playing field. I always feel that the government is still detached to the reality that online threats are real and they are extremely dangerous as a nuclear war. I am not certainly not kidding there. The question is, what are they going to do about it? Most certainly all their efforts will still be focused on them and will be left with no proper aid from them.

Michael July 30, 2013

This is actually a very scary thought. I think the trend today is cyber war fare. In Asia groups such as Anonymous are infiltrating or hacking government websites to promote their cause. It’s also sometimes called hacktivism. To me, it doesn’t matter what they are. It should be stopped as any kind of hacking to other people’s system with no permission is still criminal.

Angelique July 30, 2013

This is what scares me the most. A phishing scam that infects! Anything that infects can destroy. It’s destructive and can erase files and systems. It can spread like wildfire! It can render you helpless, especially if you depend a lot on your email and computer. I can say it is a good thing that the scam targets only government agencies; but this is only true now. We never really know what these spammers plan on doing next. They might branch out and decide to spread the “infection” to every type of email user, young or old; rich or poor!

  • (required)
  • (required)