At least 28 embassies located in a capital city from the Middle East have been targeted in a sophisticated cyber operation that leveraged a recently discovered security hole in Windows XP and Server 2003.
The existence of the vulnerability in question, which impacts the kernel component of the aforementioned operating systems, was brought to light by Microsoft in late November 2013.
Shortly after, security researchers from Trend Micro came across a malicious PDF file that exploited the vulnerability in order to deliver a backdoor.
After further analysis, the IT security firm determined that the exploit was used in the attack targeted at the embassies. The attackers had sent malicious emails with an attachment that referenced the Syrian conflict. The attachment was actually a backdoor detected as BKDR_TAVDIG.GUD.
Trend Micro says that it’s difficult to determine who is behind the attack. However, the sophistication and the resources possessed by the attackers suggest that they’re no ordinary cybercriminals.
It’s also worth noting that it’s uncertain if the said embassies are impacted by the malware. Trend Micro has determined that they have been the targets based on the analysis of the malware sample.