ESET detects cyber-attack on Vietnamese ministry

Monday, Jun 23, 2014 17:36

The English version of the ministry of Natural Resources and Environment's website. According to Slovakia's ESET company, hackers has detected a targeted attack against the ministry.

HA NOI (Biz Hub) — Slovakia's ESET company has detected a targeted attack against the Vietnamese government's Ministry of Natural Resources and Environment (MONRE).

On its blog on June 20, the security firm did not reveal any information about the perpetrators but showed how they had targeted MONRE's employees, and how the malware behaved in the ministry's system.

MONRE uses webmail as a means of providing email access to its staff. Its employees have to download the word document and are not allowed to preview it in their web browser. Taking advantage of this, hackers put malware into the attached document. When the file is opened, the malware exploits a vulnerability to drop an executable file named payload.exe into the computer.

When run, the malware will check to see whether the Bach Khoa Anti-Virus (BKAV) software is present. This is done to circumvent BKAV's protection. Researchers from ESET found out that the main dropper file did not successfully execute its files in Windows XP or the earlier versions of Windows. However, in Windows Vista and the newer versions of Windows, the files are successfully executed via code injection into explorer.exe.

The Slovakian firm expressed concerns over the security of confidential information, such as data on the East Sea.

Speaking to Infonet online newspaper, Nguyen Huu Chinh, director of MONRE's IT Department, said that the ministry had received the information and was studying the case to resolve the issue early. — VNS

Comments (0)