by August 7, 2013 0 comments

An e-mail with a malicious attachment purportedly from the Chinese Ministry of National Defense is targeting government agencies across Asia and Europe, reports Trend Micro.

According to Trend Micro researchers, the e-mail appears to have been sent from a Gmail account and did not use a Chinese name.

The fake message document contains a malicious attachment, which exploits a vulnerability (CVE-2012-0158) in Microsoft Office (all versions from Office 2003 to Office 2010 were affected) that was patched more than a year ago.

The exploit is used to drop a backdoor onto the system, which steals login credentials for websites and e-mail accounts from Internet Explorer and Microsoft Outlook. Any stolen information is uploaded to two IP addresses, both of which are located in Hong Kong.

This particular attack was aimed primarily at both personnel belonging to Europe and Asia governments. The message was sent to 16 officials representing European countries alone, stated Trend Micro.


The topic of the e-mail and the attached document would be of interest to these targets. In addition, the information stolen and where it was stolen from is very consistent with targeted attacks aimed at large organizations that use corporate mainstays like Internet Explorer and Outlook.

It’s worth noting, however, that Chinese media organizations were also targeted by this attack. The backdoor itself has also been detected in the wild – but, interestingly, it has been most frequently seen in China and Taiwan, with a more limited presence in other Asian countries.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.