ESILE Targeted Attack Campaign Hits APAC Governments
July 28, 2014
The targeted attack campaign Esile was found in the second half of 2013 trying to spread backdoor malware inside the networks of East Asian governments, electronics manufacturers, and telecommunications firms.
The Asia and the Pacific (APAC) region has long been a popular target for organized attacks, mainly for political motives. The majority of the targeted attack cases we analyzed in the second half of 2013 focused on Taiwan and Japan. The widely reported EvilGrab campaign targeted users and organizations in Japan and China in 2013. In the same year, a different attack targeted Chinese media and government organizations with the goal of stealing email credentials.
Research is ongoing as to why these specific industries are targeted and by whom, but targeting of this kind is not a new trend: according to the 2013 Annual Security Roundup, attackers concentrated mostly on government sites throughout the year.
The Esile campaign was named after strings found in the unpacked malware files it distributes. All of the malware related to this campaign is detected as BKDR_ESILE variants.
These variants are mostly backdoor Trojans cloaked as files that users may consciously or unknowingly download when they visit malicious sites. Once such malware is inside a machine, it opens the door for attackers to send remote commands and receive their output. In the case of the Esile campaign, these commands include the following:
· create and modify user accounts on computers,
· modify administrator groups,
· display lists of computers and shared resources,
· scan for ports in use,
· display running tasks and processes,
· start a service,
· display detailed configuration information about a computer, etc.
IT managers can identify the Esile campaign by watching for the network traffic and malicious file indicators related to it. The Trend Micro 2H 2013 Report on Targeted Attack Trends details these technical indicators. Companies should be able to limit the loss of data with the help of network traffic analysis, which we have long regarded as a useful tool for detecting targeted attack activity.
Beyond detecting Esile itself in the network, companies should also be familiar with the common network indicators that show attackers are already inside the network and communicating with its malware components.
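The command list above and the detection advice that follows it can be tied together on the host side: each capability (create accounts, modify the administrators group, list computers and shares, scan ports, list processes, start a service, dump configuration) corresponds to a built-in Windows tool an operator would typically drive through the backdoor, and a short burst of several of them from one machine is a much stronger signal than any one of them alone. The script below is an added example written for this page, not code from Trend Micro or from the Esile malware; it assumes the backdoor shells out to `net`, `netstat`, `tasklist`, `sc` and `systeminfo` (the report does not say which binaries it uses), and the process-creation records it parses are constructed, not real campaign telemetry.

```python
"""Flag hosts where a backdoor-style burst of discovery and persistence commands runs."""
import re
from datetime import datetime, timedelta

# Constructed process-creation records (Security 4688 / Sysmon Event ID 1 style).
# These are NOT real ESILE telemetry; the hostnames and commands are made up.
# Fields: timestamp | host | parent image | command line
SAMPLE_EVENTS = r"""
2013-11-04T09:12:01Z|WS-FIN07|C:\Windows\System32\svchost.exe|net user backupsvc P@ss1234 /add
2013-11-04T09:12:03Z|WS-FIN07|C:\Windows\System32\svchost.exe|net localgroup administrators backupsvc /add
2013-11-04T09:12:10Z|WS-FIN07|C:\Windows\System32\svchost.exe|net view /domain
2013-11-04T09:12:15Z|WS-FIN07|C:\Windows\System32\svchost.exe|netstat -ano
2013-11-04T09:12:20Z|WS-FIN07|C:\Windows\System32\svchost.exe|tasklist /v
2013-11-04T09:12:25Z|WS-FIN07|C:\Windows\System32\svchost.exe|systeminfo
2013-11-04T09:12:30Z|WS-FIN07|C:\Windows\System32\svchost.exe|sc start RemoteRegistry
2013-11-04T10:30:00Z|WS-HR02|C:\Windows\explorer.exe|tasklist
2013-11-04T15:02:00Z|WS-HR02|C:\Windows\explorer.exe|systeminfo
"""

# One rule per capability listed in the article, mapped to the built-in command an
# operator would usually issue for it. ASSUMPTION: the backdoor runs these tools
# rather than using Win32 APIs directly; API-based implants need ETW/EDR telemetry.
# "administrators" is the English group name; adjust for localized Windows builds.
RULES = [
    ("account_create",     re.compile(r"\bnet1?(?:\.exe)?\s+user\s+\S+\s+\S+.*\s/add\b", re.I)),
    ("admin_group_change", re.compile(r"\bnet1?(?:\.exe)?\s+localgroup\s+administrators\b.*\s/(?:add|delete)\b", re.I)),
    ("host_share_enum",    re.compile(r"\bnet1?(?:\.exe)?\s+(?:view|share)\b", re.I)),
    ("port_enum",          re.compile(r"\bnetstat(?:\.exe)?\b", re.I)),
    ("process_listing",    re.compile(r"\btasklist(?:\.exe)?\b", re.I)),
    ("service_start",      re.compile(r"\b(?:sc(?:\.exe)?|net1?(?:\.exe)?)\s+start\s+\S+", re.I)),
    ("host_recon",         re.compile(r"\bsysteminfo(?:\.exe)?\b", re.I)),
]


def parse_events(text):
    """Parse pipe-delimited records into dicts sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, host, parent, cmd = line.split("|", 3)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host,
            "parent": parent,   # kept so a caller can down-weight interactive parents
            "cmd": cmd,
        })
    return sorted(events, key=lambda e: e["ts"])


def classify(cmdline):
    """Return the set of capability names whose rule matches one command line."""
    return {name for name, rx in RULES if rx.search(cmdline)}


def find_suspicious_hosts(events, window=timedelta(minutes=10), min_categories=3):
    """Slide a time window over each host's matched events and report hosts where at
    least `min_categories` distinct capabilities occur inside one window.
    Returns {host: sorted capability names from the widest qualifying window}."""
    by_host = {}
    for e in events:
        cats = classify(e["cmd"])
        if cats:
            by_host.setdefault(e["host"], []).append((e["ts"], cats))

    hits = {}
    for host, matched in by_host.items():
        for i, (start, _) in enumerate(matched):
            seen = set()
            for ts, cats in matched[i:]:
                if ts - start > window:
                    break
                seen |= cats
            if len(seen) >= min_categories and len(seen) > len(hits.get(host, ())):
                hits[host] = sorted(seen)
    return hits


if __name__ == "__main__":
    for host, cats in find_suspicious_hosts(parse_events(SAMPLE_EVENTS)).items():
        print(f"{host}: {len(cats)} backdoor-style capabilities in one window -> {', '.join(cats)}")
```

The second constructed host, WS-HR02, runs `tasklist` and `systeminfo` hours apart from an interactive desktop session and is not reported; only WS-FIN07, where seven of the listed capabilities appear within thirty seconds under a service host, crosses the threshold. That is the point of correlating rather than alerting on single commands: every tool here is routine administration on its own. The parent image is parsed but not scored, so a reader can tighten the rule by, for example, treating bursts whose parent is not `cmd.exe` or `explorer.exe` as higher severity.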
            Posted in Cyber Attacks, Targeted Attacks