by Dave Neal
Security firm FireEye has warned organisations about a return of MoleRat phishing attacks that can invade a network through a single spiked email.
FireEye said that MoleRat had quieted down, but has made a reappearance in the last few weeks. It said that one poisoned message, with a shortened link, was opened at least once at a European organisation and warned that the same message has been interacted with at least another 250 times.
“Between 29 April and 27 May, FireEye Labs identified several new MoleRats attacks targeting at least one major US financial institution and multiple, European government organisations,” it said.
We last heard from FireEye about these attacks in February when it said that MoleRat was being adopted as a replacement for Zeus. Zeus currently something of a broken botnet.
“Xtreme RAT is now being used in some high-volume attacks. It is being distributed as a payload of traditional large-volume spam runs,” it said then. “So far, Xtreme RAT has not been used as the payload of advanced exploits. Rather users are lured into installing the RAT through a variety of social engineering schemes.”
Then and now the firm said that attacks are relatively simple and make the most of off the shelf malware tools. Now, though, FireEye says that the attacks are widening in scale and have moved into the broadcasting, the BBC, and finance industries – at least one US organisation has been attacked.
“Although a large number of attacks against our customers appear to originate from China, we are tracking lesser-known actors also targeting the same firms,” it said.
“Molerats campaigns seem to be limited to only using freely available malware; however, their growing list of targets and increasingly evolving techniques in subsequent campaigns are certainly noteworthy.”
FireEye director of technology strategy Jason Steer said that attacks like MoleRAT and Zeus are hardy and tough to deal with so organisations need to be alert of the risks they pose.
“Organisations must realise that this is an ongoing cyber battle and that they must be fully prepared to deal with these attacks. Identifying your main assets and protecting them is the first step,” he told V3.
“However security products alone will not solve the problem unless you have the right context and information available. The ideal situation is a combination of the right products, people and processes.”