European governments & NATO hit by MiniDuke cyber attack

Hackers recently hit dozens of computer systems across Europe by exploiting a recently discovered flaw in Adobe’s software. NATO headquarters confirmed that it too had been attacked.

These attacks on governments were said to be far more sophisticated than the attempted attacks that happen on a nearly daily basis. Some experts have suggested that the attack may have been state-sponsored, but the report did not name any nation as a suspect.

The nations that fell victim to the attack included Ireland, Portugal, Romania and the Czech Republic. Both Hungary’s Laboratory of Cryptography and Systems Security and Russia’s Kaspersky Lab confirmed the attacks. In addition, the security groups said that the attacks were carried out using what they refer to as ‘MiniDuke’.

Regarding the attack, a February 27 press release from Kaspersky Lab reads in part,

Today Kaspersky Lab’s team of experts published a new research report that analyzed a series of security incidents involving the use of the recently discovered PDF exploit in Adobe Reader (CVE-2013-6040) and a new, highly customized malicious program known as MiniDuke. The MiniDuke backdoor was used to attack multiple government entities and institutions worldwide during the past week. Kaspersky Lab’s experts, in partnership with CrySys Lab, analyzed the attacks in detail and published their findings.

The MiniDuke program was designed specifically for spying, but the security firms investigating the attacks have not discovered exactly what the attackers’ main goals were in the computer break-ins.

Kurt Baumgartner, who serves as a senior security expert with Kaspersky Lab, said that all indications show that this is a brand new type of espionage threat that has never been seen before. Baumgartner would not speculate on which government, if any, might be behind the hacks.

MiniDuke operates by taking advantage of a security flaw found in the highly popular Adobe Reader and Adobe Acrobat software, which are most commonly used to open PDF documents. The hackers sent their intended targets official-looking government PDF files that contained MiniDuke.

The flaws in the software were discovered approximately 2 weeks ago by the security agency FireEye. Interestingly enough, FireEye says that those behind the MiniDuke attack programmed the virus to search for tweets from specific Twitter accounts that contained instructions for controlling the compromised personal computers. If the virus could not access the tweets it was searching for, it would automatically run a Google search for alternate instructions.
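Defenders can look for this tweet-then-search sequence in web proxy logs. The following Python detection is an added example, not code from Kaspersky Lab, CrySys Lab or FireEye; the log layout, host and process names, browser allow-list and five-minute window are all assumptions, and the sample log lines are constructed.

```python
import csv
import io
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log (not real telemetry): time, host, process, URL.
SAMPLE_LOG = """\
2013-02-27T09:00:01,ws-014,iexplore.exe,https://twitter.com/home
2013-02-27T09:00:05,ws-014,iexplore.exe,https://www.google.com/search?q=weather
2013-02-27T09:10:00,ws-022,unknown.exe,https://twitter.com/example_account
2013-02-27T09:10:20,ws-022,unknown.exe,https://www.google.com/search?q=example
2013-02-27T09:30:00,ws-031,updater.exe,https://www.google.com/search?q=example
2013-02-27T11:00:00,ws-040,unknown.exe,https://twitter.com/example_account
2013-02-27T13:00:00,ws-040,unknown.exe,https://www.google.com/search?q=example
"""

BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}  # assumed allow-list
WINDOW = timedelta(minutes=5)  # assumed max gap between tweet lookup and search


def classify(url):
    """Label a URL as a Twitter read, a Google search, or neither (None)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "twitter.com" or host.endswith(".twitter.com"):
        return "twitter"
    if (host == "google.com" or host.startswith("www.google.")) and parts.path == "/search":
        return "search"
    return None


def find_fallback_pattern(log_text, browsers=BROWSERS, window=WINDOW):
    """Return sorted (host, process) pairs where a non-browser process read
    Twitter and then ran a Google search within `window`."""
    last_twitter, hits = {}, set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or row[2].lower() in browsers:
            continue  # skip malformed lines and ordinary browser traffic
        when, key, kind = datetime.fromisoformat(row[0]), (row[1], row[2]), classify(row[3])
        if kind == "twitter":
            last_twitter[key] = when
        elif kind == "search" and key in last_twitter and when - last_twitter[key] <= window:
            hits.add(key)
    return sorted(hits)


if __name__ == "__main__":
    for host, proc in find_fallback_pattern(SAMPLE_LOG):
        print(f"review {host}: {proc} read Twitter, then searched Google")
```

A hit is a lead for triage rather than proof of infection, since legitimate non-browser tools can also query both services.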

Adobe has issued a patch for the exploit; however, each computer must install the update, or have its Adobe software set to update automatically, to be secured.