According to the company’s Security Labs blog,
Amnesty International’s United Kingdom website was compromised and
hosting the potent Gh0st RAT Trojan earlier this week. Malicious Java
code was planted on the site in a bid to push the Gh0st RAT Trojan onto
vulnerable Windows machines. If successful, the attack plants malware
on the machine that is capable of extracting the user's files, email,
passwords and other sensitive personal information.
The infection stemmed from a popular Java exploit, CVE-2012-050. Hackers
exploited that hole and used it to inject the Amnesty International
site’s script with malicious code. The Java hole was the same one used by
Flashback, the much buzzed-about Mac OS X Trojan of recent months.
The exploit code used in this attack
appears to have been copied from Metasploit, an open source penetration
testing framework popular among security professionals, Giuliani said.
The injected web code was
removed after Websense alerted Amnesty to the issue. The attack bears all
the hallmarks of a series of attacks that appear to be targeting
pro-Tibet organisations and sympathisers, most likely by a group
connected to China.
The Gh0st Trojan has been used
by suspected Chinese hackers in several advanced persistent threat (APT)
style attacks, most notably the ‘Nitro’ attacks against energy firms in
2011. Chinese involvement in the Amnesty International attack is
suspected but unproven.
Websense detected over 100 other
websites infected with the same malicious code as Amnesty
International's U.K. website during the same time period, Carl Leonard,
senior manager of Websense Security Labs, said.