A pair of threat researchers are reporting the arrival of a major targeted attack campaign against servers in 61 countries, with victims ranging from diplomatic missions, government ministries and space-related government agencies to other companies and research institutions.
According to David Sancho and Nart Villeneuve, close to 1,500 systems have been tracked as compromised, with the bulk of the compromised servers being in Russia, Kazakhstan and Vietnam, as well as a smattering of former states in the USSR sphere of influence.
This particular campaign, they assert, consists of more than 300 malicious, targeted attacks, monitored by the attackers using a unique identifier embedded in the associated malware.
“Our analysis of the campaigns reveals that attackers targeted communities in specific geographic locations as well as campaigns that targeted specific victims. In total, the attackers used a command and control network of 15 domain names associated with the attackers and 10 active IP addresses to maintain persistent control over the 1465 victims”, they say in their security posting.
The ‘Lurid Downloader’ – aka Enfal – is a well-known malware family, but it is not a publicly available toolkit that can be purchased by aspiring cybercriminals, say the researchers.