Skip to content

2013 Press Release

Targeted Attack Campaign Threatens Different Industries in APAC

Trend Micro warns about the known “Naikon" Campaign and reminds users to take proactive actions

【Taipei, June 13th, 2013】World leading Security Vendor Trend Micro (TYO: 4704; TSE: 4704) recently discovered a targeted attack campaign that uses RARSTONE, a Remote Access Tool (RAT) in its operations. This campaign targets several entities in the APAC region. This campaign was first noticed by Trend Micro in February of 2013. It also later leveraged the Boston Marathon Bombing as social engineering bait in April. Trend Micro is calling this campaign “Naikon" based on strings found in related attacks.

“During these past months, we have been monitoring the Naikon Campaign and found some crucial statistics," said Macky Cruz, the Security Focus Lead of Trend Labs in Trend Micro Incorporated, “the targets are mainly industry users. About 60% of the victims are from the telecommunications, oil and gas, media/communications or government sectors, while the other 40 % could either be individual users or other industry users."

The monitoring results also suggest that the following countries in the APAC region are affected: India, Lao, Malaysia, Myanmar, Singapore and Vietnam.

“According to our Threat Analyst Maharlito Aquino, the Naikon campaign infiltrated networks via spear-phishing attacks," Macky mentioned, “Recently, we encountered at least three cleverly designed spear-phishing emails leveraging important inter-nation discussions in APAC."

The RAT used, which Trend Micro detected as BKDR_RARSTONE, is able to get installer properties from Uninstaller Registry Keys, so that it knows what applications are installed in the system and how to uninstall them, in the case that these applications inhibit RARSTONE’s functions. RARSTONE is directly loaded into memory and uses SSL to encrypt its communication with its C&C server, which not only protects that connection but also making it blend in with normal traffic. These behaviors together make the detection of the malware very difficult, if companies are using only file-based scanning technologies.

Trend Micro warns industry users that, the Naikon campaign or similar targeted attacks should be taken seriously. They are meant to stay under the radar and steal information from target entities. Traditional technologies such as blacklisting and perimeter controls are not enough to detect or block the components of these campaigns. Instead, enterprises need to deploy tools as Trend Micro Deep Discovery to accomplish the protection and control over their networks in order to identify dubious network traffic.

For more information about the campaign, please visit:
http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks

 

About Trend Micro

Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ global threat intelligence data mining framework, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.


Connect with us on