RSA attack « The FORWARD project blog

RSA attack

The RSA attackers took advantage of phishing e-mails and the exploitation of a previously unpatched Adobe Flash hole.

They sent phishing e-mails to low-profile employees with the subject line “2011 Recruitment Plan”. One of the employees made the terrible mistake of opening that e-mail and, with it, the attached Excel file, which contained malware that could exploit a hole in Adobe Flash and installed a back door. From there on, the attacker could remotely take control of the computer.

To do that remotely, the attackers used the Poison Ivy tool, which let them gather critical information over C&C connections. This type of espionage attack is called an “Advanced Persistent Threat” (APT), and it is used to gather, as I said, critical information about the company being hit: knowledge of the company’s high-level operations and network, and information about expert IT employees and their roles in the company.

The attackers’ next step was to gather the data (as soon as possible, because they had been discovered by RSA) and exfiltrate it in encrypted files over FTP to an external compromised hosting provider.

This type of attack (APT), whose main characteristic is the persistent espionage of significant targets (e.g. the Stuxnet worm), may have hit more companies around the globe (see the links below).

 

http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/

http://news.cnet.com/8301-27080_3-20051071-245.html

https://secure.wikimedia.org/wikipedia/en/wiki/Advanced_persistent_threat
