Blue Coat researchers, with the participation of CIRCL (Computer Incident Response Center Luxembourg) and various partners, have uncovered highly sophisticated and automated attacks targeting embassies, major corporations, political and military organisations and the financial sector, all over the globe.
The framework used to perform these targeted attacks is named Inception. It uses a cloud-based infrastructure located in Sweden, CloudMe, and the WebDAV protocol. It also uses randomized file names (in Hindi, Russian, Swedish and English) to hinder detection, and malware components embedded in Rich Text Format (RTF) files. Malware payloads have been recovered from home routers and mobile devices. The malware indicators can be found on the MISP (Malware Information Sharing Platform), operated by CIRCL.
The Blue Coat Labs’ whitepaper describes Inception as being a “very slick operation” that can “in theory be the creation of nation states or resourceful private entities”.
“The success rate of this method has been remarkably high. Inception relies on a network of compromised wireless routers and mobile devices, and users should therefore pay close attention to their infrastructure and OS set-up. The origin of Inception is not known yet, and attackers usually use an intricate network of router proxies and rented hosts”, explains a security researcher from CIRCL.
CIRCL has contributed to the whitepaper, alongside Crowdstrike, F-Secure Corporation, iSight Partners, Kaspersky Labs and Symantec Corporation.
Find the full report here: https://t.co/zoo3R6iqgC