The recent MiniDuke cyber attack could have been government backed and carried out by the intelligence services of a country. MiniDuke, which affected governments in several countries, including Romania’s, was most likely created by an entity which has the characteristics of a state, according to Romania’s Intelligence Service SRI. The cyber attack had an even greater impact than Red October, another cyber spy attack campaign discovered at the end of 2012, which had been targeting diplomatic representatives, administrations and scientific research institutes in Eastern European and former Soviet countries for the last five years. The SRI did not offer information on the outcome of either of these two cyber attacks.
The new malware was designed to collect confidential information from government websites and used a PDF file to deliver the virus, according to Kaspersky Lab Romania. The new malicious program, called MiniDuke, is “highly specialized” and was recently used to attack governments and institutions around the world. Kaspersky Lab investigations found that MiniDuke had compromised government agencies in Ukraine, Belgium, Portugal, Czech Republic and Ireland, as well as Romania. An unnamed research institute, two think-tanks and a healthcare provider in the US and a “well-known research institute” in Hungary were reportedly also compromised.
Romania’s SRI is working together with the country’s Special Telecommunication Service (STS) and the National Response Center to Cybernetic Security Incidents (CERT-RO) to identify all the affected entities in Romania and to stop the attack, according to Sorin Sava, the SRI spokesman, quoted by Mediafax.
Reports suggest that the malware looks very credible and mimics a PDF presentation on human rights; once installed on the victim’s computer, it gains access to classified geopolitical information. So far, the IPs of institutions and foreign embassies in Bucharest were targeted, according to Romanian media.