The MiniDuke backdoor was used to attack multiple governments, though some private sector targets were discovered - primarily research institutes and one healthcare provider. Most hits were seen across Europe and the United States, though incidents were also uncovered in Turkey and Lebanon.
PDF documents were sent to carefully profiled, targeted victims. Each recipient received an email specifically associated with their work, according to Kaspersky Lab execs who spoke to AMEinfo.
"Unfortunately we have not seen the type or amount of data stolen," said Vitaly Kamluk, Kaspersky Lab's Chief Malware Expert. "We currently have information about more than 50 unique IP addresses worldwide for computers that have been affected by the malware, but we don't know what information was stolen, or if it was stolen at all."
While information may seem cloudy at this stage, experts do know that the attackers had been developing MiniDuke for around seven months, a shorter development time than the recent Red October malware.
"We are not aware this [threat] has been active for a long time, it's just the latest one we've seen. It got in our focus because of the PDF data used. I don't think there's been a big gap between the threat appearing and our discovery," Kamluk told AMEinfo.
Kaspersky Lab's CEO, Eugene Kaspersky, described the attack as 'very unusual' in a statement.
"I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld," he said.
The MiniDuke attackers are reportedly still active at this time and have created malware as recently as February 20, 2013.
Previously: Steven Bond spoke to Kaspersky Lab's Vitaly Kamluk about malware trends at Gitex in October.
To read the full research report by Kaspersky Lab and the recommendations for protecting against MiniDuke attacks, visit Securelist. To read CrySyS Lab's report, click here.



Steven Bond, Reporter



