Windows Zero-Day Used in Attack Targeted at Embassies from Middle Eastern Capital

Embassies from Middle Eastern capital targeted by sophisticated cybercriminals

At least 28 embassies in a Middle Eastern capital city have been targeted in a sophisticated cyber operation that leveraged a recently discovered security hole in Windows XP and Server 2003.

The existence of the vulnerability in question, which impacts the kernel component of the aforementioned operating systems, was brought to light by Microsoft in late November 2013.

Shortly after, security researchers from Trend Micro came across a malicious PDF file that exploited the vulnerability in order to deliver a backdoor.

After further analysis, the IT security firm determined that the exploit was used in the attack targeted at the embassies. The attackers had sent malicious emails with an attachment that referenced the Syrian conflict. The attachment was actually a backdoor detected as BKDR_TAVDIG.GUD.

Trend Micro says that it’s difficult to determine who is behind the attack. However, the sophistication and the resources possessed by the attackers suggest that they’re no ordinary cybercriminals.

It is also worth noting that it is uncertain whether the embassies have actually been affected by the malware. Trend Micro determined that they were the targets based on its analysis of the malware sample.

