
8/23/2012

[Issue] APT attack from Taiwan related to one of the Taiwanese airline companies

1. Introduction

In April 2012, the INCA Internet response team reported APT attacks in Taiwan carried out at time intervals, and it is still collecting related information. Among these, we found another type of APT attack, disguised as mail sent from an airline company (EVA AIR). The attacker targeted officers who work at the Council of Agriculture (Republic of China) and the Department of Health (Republic of China).
The malicious file used in the attack was disguised as an e-ticket receipt, and its icon was that of a folder.

The INCA Internet response team is tracking this attack on the assumption that it is one of the previous APT attacks on office workers.



2. APT attack disguised as sent by airline company

[Issue] Several APT attacks on Taipei with time interval 

Attacks on Taiwanese government officers are still being found these days. First, on July 3, 2012, the attacker targeted officers who work for the marketing team of the Council of Agriculture (Republic of China), sending a message titled "EVA Airline e-ticket receipt" that included malicious files.

This e-mail contains a compressed file (69380236_10107_receipt.rar), which contains the malicious file "69380236_10107_receipt.exe".


The next day, similar malicious mails were sent to officers who work for the public health team of the Department of Health (Republic of China), with a message titled "Special price of Cathay Pacific Airlines".


We can assume that one attacker or organization carried out both attacks, because the same malicious files were used.


"69380236_10107_receipt.rar" contains a malicious file that has a folder icon.


Upon execution, "69380236_10107_receipt.exe" creates "atievxx.exe" in the (Temp) folder.


It then creates a "69380236_10107_receipt" folder with a "69380236_10107_receipt.pdf" file inside it.


"69380236_10107_receipt.pdf" is locked with a password. These days, we have received many locked files used in APT attacks. Therefore, locked files, especially document files (PDF, HWP, DOC, XLS), are very likely to be malicious. If you think you are infected, you had better change your e-mail password and personal information.
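The drop sequence described above (an executable written to a Temp folder, plus a decoy document placed in a folder named after the dropper) can be hunted for in endpoint file-creation telemetry. The following is an added example, not code from INCA Internet; the event shape, the paths and the user name are constructed assumptions, and only the file names come from the article.

```python
import ntpath
from collections import defaultdict

# Constructed file-creation events (shape loosely modelled on Sysmon Event ID 11).
# Directory paths and the user name are made up; file names are from the article.
EVENTS = [
    {"image": r"C:\Users\kim\Downloads\69380236_10107_receipt.exe",
     "target": r"C:\Users\kim\AppData\Local\Temp\atievxx.exe"},
    {"image": r"C:\Users\kim\Downloads\69380236_10107_receipt.exe",
     "target": r"C:\Users\kim\Downloads\69380236_10107_receipt\69380236_10107_receipt.pdf"},
    {"image": r"C:\Program Files\Vendor\setup.exe",   # benign installer: drops an exe only
     "target": r"C:\Users\kim\AppData\Local\Temp\helper.exe"},
    {"image": r"C:\Windows\explorer.exe",             # benign: user saves a PDF
     "target": r"C:\Users\kim\Documents\report\report.pdf"},
]

DECOY_EXTS = {".pdf", ".hwp", ".doc", ".xls"}  # document types named in the article

def _stem(path):
    """File name without directory or extension, lower-cased."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()

def find_droppers(events):
    """Return processes that both drop an .exe under a Temp directory and write
    a decoy document into a folder named after the dropping executable."""
    dropped_exe = defaultdict(list)
    decoys = defaultdict(list)
    for ev in events:
        image, target = ev["image"], ev["target"]
        ext = ntpath.splitext(target)[1].lower()
        parent_dir = ntpath.dirname(target)
        parts = [p.lower() for p in parent_dir.split("\\")]
        if ext == ".exe" and "temp" in parts:
            dropped_exe[image].append(target)
        elif ext in DECOY_EXTS and ntpath.basename(parent_dir).lower() == _stem(image):
            decoys[image].append(target)
    # Either signal alone is common and benign; require both from the same process.
    return {img: {"payloads": dropped_exe[img], "decoys": decoys[img]}
            for img in dropped_exe if img in decoys}

if __name__ == "__main__":
    for image, hit in find_droppers(EVENTS).items():
        print("suspected dropper:", image, hit)
```

Requiring both signals from one process keeps ordinary installers and document saves out of the results.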


After accessing a certain host in Hong Kong, "atievxx.exe" waits for additional commands; it can leak various information and work as a backdoor for the attacker.


3. Summary

We should note that various APT attacks are on the rise these days, and users need to be careful not to be exposed to security threats. To use your PC safely against the threats posed by these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats the various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/
