Attackers Target Organizations in Japan; Transform Local Sites into C&C Servers for EMDIVI Backdoor | BOT24

We found that attackers in an active campaign have compromised a number of Japanese websites to serve as command-and-control (C&C) servers for the EMDIVI backdoor they use. The campaign is currently targeting companies not only in Japan but also in the US.

EMDIVI, which first appeared in 2014, is notorious for its use in targeted attacks against Japanese companies. It gives attackers remote control of infected machines, letting them issue malicious commands and carry out other activities. We looked into this malware and found that it uses "magic numbers" in its routines.

We observed the campaign targeting Japanese government agencies and private companies in the manufacturing, technology, and media industries. Its US targets, one of which is in the technology industry, are merely offices of Japanese companies, showing that it is still Japanese organizations that the attackers are after.

We first reported on the campaign in November 2014, when it used email as an arrival vector. The campaign usually has low infection counts but has recently been gaining ground, owing to a watering hole attack in July 2015 that used a Flash zero-day exploit leaked from Hacking Team.

Read more: http://blog.trendmicro.com/trendlabs-security-intelligence/attackers-target-organizations-in-japan-transform-local-sites-into-cc-servers-for-emdivi-backdoor/

About Bradley Susser