China is the Center of a New Global Cyber Espionage Campaign

Dell SecureWorks Counter Threat Unit (CTU) Threat Intelligence researchers have discovered a new cyber espionage campaign. The campaign targets military and energy organizations and companies.

The campaign starts with spear-phishing emails, which are used to install a highly persistent Remote Access Tool (RAT) on the targeted machines. These emails target mid-level to senior-level executives. The Mirage RAT installs itself on the recipient's PC when the attachment is downloaded and run on the machine.

CTU researchers identified several files that dropped and executed a copy of Mirage on a target system. These files were designed to look and behave like PDF files. In fact, the droppers are stand-alone executable files: when run, a dropper opens an embedded PDF file, drops a copy of Mirage and executes the Trojan.
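A defender can triage attachments for the pattern described above: an executable that presents itself as a PDF and carries a PDF inside. The following is an added example, not code from the CTU report; it is a generic heuristic rather than a Mirage signature, and the function names, file names and sample bytes are constructed for illustration.

```python
import re

PDF_MAGIC = b"%PDF-"
# Decoy names such as "report.pdf.exe" or "report.pdf   .scr" (constructed patterns)
DECOY_NAME = re.compile(r"\.pdf[\s_.]*\.(exe|scr|com|pif)$", re.IGNORECASE)


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"


def triage(filename: str, data: bytes) -> dict:
    """Classify one attachment by content, not by its name or icon."""
    pe = is_pe(data)
    # Search from offset 1: a PDF header *inside* the file, not at its start.
    embedded = data.find(PDF_MAGIC, 1)
    claims_pdf = filename.lower().endswith(".pdf") or bool(DECOY_NAME.search(filename))
    offset = embedded if pe and embedded > 0 else None
    return {
        "is_executable": pe,
        "name_claims_pdf": claims_pdf,
        "embedded_pdf_offset": offset,
        # Flag executables that pose as a PDF or carry a decoy document.
        "suspicious": pe and (claims_pdf or offset is not None),
    }


def sample_dropper() -> bytes:
    """Constructed sample: minimal PE header followed by an embedded PDF stub."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 64 + b"%PDF-1.4\n%%EOF\n"


if __name__ == "__main__":
    print(triage("invoice.pdf.exe", sample_dropper()))
    print(triage("report.pdf", b"%PDF-1.4\n%%EOF\n"))
```

A hit is a reason to quarantine the attachment and inspect it further, not proof of compromise, because legitimate installers can also bundle PDF documents.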

These attacks have targeted a military organization in Taiwan, an oil company in the Philippines, an energy company in Canada, and several entities in Israel, Nigeria, Brazil and Egypt.

The Mirage variants that the researchers analyzed appear to contain unique elements that are not intended for widespread targeting. They appear to be meant for specific systems.

According to the researchers, who examined some of the IP addresses connected to the attacks, the attacks are coming from China. The researchers also said that these attacks are aimed only at specific targets. They require only a small number of infected systems, yet the results are extremely powerful.

It is very important for companies in the targeted industries to have strong security and to use active intrusion detection and prevention systems so that they can detect activity of this kind.