Saturday, July 28, 2018

Cloud Duke, MiniDionis, Cloudlook: 3 minute profile

Discovered in June 2015, CloudDuke is the most recent Duke campaign. The campaign may be a tactical shift in response to the widespread disclosure of the other Duke campaigns by security firms such as Kaspersky, Symantec, and F-Secure. CloudDuke relies on spear phishing emails that closely resemble those deployed in the CozyDuke campaign. The CloudDuke emails contain a self-extracting archive attachment that appears as an empty voicemail file (.wav) or a PDF file (often containing the word “terrorism”). If the attachment is opened, the second-stage dropper executes. So far, the campaign has targeted European diplomatic organizations.
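The delivery trick described above, a self-extracting executable carrying a voicemail or PDF file name, is detectable at the mail gateway by comparing the claimed extension with the file's actual header bytes. The following is an added defender-side example, not code from the original post or from any of the cited security firms; the header signatures are the standard WAV, PDF and Windows PE magic bytes, and the sample attachments are constructed in the block for illustration.

```python
import os
import struct

# Extensions we expect to map to a specific sniffed content type.
EXPECTED = {".wav": "wav", ".pdf": "pdf", ".exe": "pe"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com"}


def sniff_content_type(data: bytes) -> str:
    """Classify a file by its leading bytes rather than by its name."""
    if data.startswith(b"MZ"):
        return "pe"  # Windows executable, which includes SFX archive stubs
    if data.startswith(b"%PDF-"):
        return "pdf"
    if len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "wav"
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> dict:
    """Report whether the extension and the sniffed content disagree."""
    ext = os.path.splitext(filename.lower())[1]
    sniffed = sniff_content_type(data)
    expected = EXPECTED.get(ext)
    return {
        "filename": filename,
        "extension": ext,
        "sniffed": sniffed,
        # Claimed type is known and the bytes say something else.
        "mismatch": expected is not None and sniffed != expected,
        # An executable hiding behind a non-executable name is the high-value alert.
        "executable_disguised": sniffed == "pe" and ext not in EXECUTABLE_EXTS,
    }


def flag_attachments(attachments) -> list:
    """Return the names of attachments that warrant quarantine or review."""
    flagged = []
    for name, data in attachments:
        verdict = classify_attachment(name, data)
        if verdict["mismatch"] or verdict["executable_disguised"]:
            flagged.append(name)
    return flagged


# Constructed sample attachments (minimal headers only, not real files).
SAMPLE_WAV = b"RIFF" + struct.pack("<I", 36) + b"WAVE" + b"fmt " + b"\x00" * 28
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_SFX = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56  # PE stub of an SFX archive

SAMPLE_MAILBOX = [
    ("voicemail.wav", SAMPLE_WAV),   # benign: name and bytes agree
    ("voicemail.wav", SAMPLE_SFX),   # SFX executable named as a voicemail
    ("terrorism.pdf", SAMPLE_SFX),   # SFX executable named as a PDF
    ("terrorism.pdf", SAMPLE_PDF),   # benign PDF
]

if __name__ == "__main__":
    for name, data in SAMPLE_MAILBOX:
        print(classify_attachment(name, data))
    print("flagged:", flag_attachments(SAMPLE_MAILBOX))
```

Sniffing only the first bytes is cheap enough to run on every attachment; in practice it is a first filter, since an SFX archive that really is named `.exe` would pass the mismatch test and should be caught by an attachment-type policy instead.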
