U.S. military contractors targeted with malicious PDFs
The last few months have seen many cyber attacks aimed at U.S. military contractors, and they are still ongoing.
F-Secure researchers have recently spotted an email obviously directed at military contractors’ employees, which contains a malicious .pdf attachment.
“When opened in Adobe Reader, it exploits a known JavaScript vulnerability and drops a file called lsmm.exe,” they explain. “This is a backdoor that connects back to the attacker, who is waiting at IP addresses 59.7.56.50 and 59.19.181.130.”
In order to keep the recipient from suspecting foul play, the file then opens a legitimate-looking call for papers for a conference.
The RSA hack is known to have been carried out in order to compromise its SecurID tokens, which are widely used by a great number of companies that do business with the government. But, as this example shows, there are easier ways to gain access to those companies' computers.
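Because the attachment described above depends on JavaScript running when the PDF is opened, a mail gateway or analyst can triage incoming PDFs for script and auto-run actions before anyone opens them. The following is an added example, not F-Secure's tooling or code from the original article; the function names, verdict labels and sample byte strings are assumptions constructed for illustration.

```python
import re

# Name tokens worth flagging: embedded script and actions that fire without a click.
TRACKED = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/ObjStm")

# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, which PDF permits in names (/J#61vaScript == /JavaScript)."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count tracked names in the raw bytes and derive a coarse verdict.

    Only uncompressed objects are visible here; a non-zero /ObjStm count means
    further objects sit inside compressed streams this scan cannot see.
    """
    counts = dict.fromkeys(TRACKED, 0)
    obfuscated = 0
    for match in _NAME.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            obfuscated += b"#" in raw  # escaped spelling of a tracked name
    has_script = counts["/JS"] > 0 or counts["/JavaScript"] > 0
    auto_run = counts["/OpenAction"] > 0 or counts["/AA"] > 0
    if has_script and (auto_run or obfuscated):
        verdict = "quarantine"
    elif has_script or counts["/Launch"]:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "counts": counts, "obfuscated_names": obfuscated}


# Constructed samples (object skeletons only, no script body or exploit content).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPT = b"%PDF-1.6\n1 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
SAMPLE_AUTO = (b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
               b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n")

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("script", SAMPLE_SCRIPT), ("auto", SAMPLE_AUTO)):
        print(label, triage_pdf(blob))
```

A byte-level scan like this can also match tracked names that occur by chance inside binary stream data, so a "review" verdict is a prompt for closer inspection rather than a conclusion.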