Information Warfare: More High Grade Malware Showing Up


March 13, 2013: Yet another Internet-based attack against specific civilian, military, and government officials has been discovered, and its dissection continues as more layers are revealed. This one is a clever piece of malware called MiniDuke, and it is directed at specific individuals in Ukraine, Belgium, Portugal, Romania, the Czech Republic, the United States, Hungary, and Ireland. The targets in the United States and Hungary appear, so far, to have been only non-government organizations.

MiniDuke delivers, via an infected PDF file, a hidden software program that monitors the PCs it gets into and passes keyboard activity and files back to servers in Panama and Turkey. MiniDuke is unique in the attention paid to keeping its presence hidden from network security systems. It stays dormant until it senses it is not being monitored, then seeks out a specific Twitter feed that the hacker uses to communicate with infected machines.

MiniDuke carried out its attack using an official-looking email, with a PDF file attached, sent to specific individuals who were not expecting it. This is known in the trade as "spear fishing" (or "spear phishing"): a Cyber War technique that sends official-looking email to specific individuals with an attachment which, if opened, secretly installs a program that sends data from the recipient's PC to the spear fisher's computer. In the last few years an increasing number of military, corporate, and government personnel have received these official-looking emails with a PDF document attached and a request for prompt attention.

MiniDuke is one of the most sophisticated spear phishing attacks seen so far. It shares some characteristics of professional American–Israeli efforts like Duqu but also incorporates some new ideas (heavy use of Twitter, a very gradual infection process, and lots of scouting). It's unclear where it came from, or at least no one has released any information on that yet. This may mean that the author has been identified and the police are closing in. Or probably not, as MiniDuke appears to be the result of a major effort.

