论文信息 - A Look at Targeted Attacks Through the Lense of an NGO

A Look at Targeted Attacks Through the Lense of an NGO

We present an empirical analysis of targeted attacks against a human-rights Non-Governmental Organization (NGO) representing a minority living in China. In particular, we analyze the social engineering techniques, attack vectors, and malware employed in malicious emails received by two members of the NGO over a four-year period. We find that both the language and topic of the emails were highly tailored to the victims, and that sender impersonation was commonly used to lure them into opening malicious attachments. We also show that the majority of attacks employed malicious documents with recent but disclosed vulnerabilities that tend to evade common defenses. Finally, we find that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against political and industrial organizations, and Tibetan NGOs.

[1] Zhuoqing Morley Mao,et al. Automated Classification and Analysis of Internet Malware , 2007, RAID.

[2] Zhenkai Liang,et al. BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[3] Christopher Krügel,et al. Scalable, Behavior-Based Malware Clustering , 2009, NDSS.

[4] Leyla Bilge,et al. Before we knew it: an empirical study of zero-day attacks in the real world , 2012, CCS.

[5] Dawn Xiaodong Song,et al. On the Feasibility of Internet-Scale Author Identification , 2012, 2012 IEEE Symposium on Security and Privacy.

[6] Vitaly Shmatikov,et al. Abusing File Processing in Malware Detectors for Fun and Profit , 2012, 2012 IEEE Symposium on Security and Privacy.

[7] Ralph Langner. To Kill a Centrifuge A Technical Analysis of What Stuxnet ’ s Creators Tried to Achieve , 2013 .

[8] Vern Paxson,et al. When Governments Hack Opponents: A Look at Actors and Technology , 2014, USENIX Security Symposium.

[9] Adam Senft,et al. Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware , 2014, USENIX Security Symposium.