Newly discovered cyber campaign targets Taiwanese, Philippine govt entities
7% of Tropic Trooper C&C servers located in UAE, vendor says
Trend Micro has uncovered an ongoing cyber-campaign called Operation Tropic Trooper, which the security vendor said targets the Taiwanese government and heavy industries in the country, as well as key agencies of the Philippine military.
Trend Micro said that the command-and-control (C&C) servers used in the campaign were located in four countries, with 7% of the servers based in the UAE. The rest of the servers were from Taiwan (43%), the USA (36%), and Hong Kong (14%).
"Throughout March to May 2015, our researchers noted that 62% of the Tropic Trooper-related malware infections targeted Taiwanese organisations while the remaining 38% zoned in on Philippine entities," said the security vendor in a report.
"Targeted attack activity was heaviest in March and dwindled in the succeeding two months."
The tools and attack methods of the campaign revealed vulnerabilities in the target organisations' systems, which may have exposed critical data, Trend Micro said.
The identities and motivations of the actors behind the campaign have yet to be identified.
Trend Micro said that Operation Tropic Trooper has been active since 2012. For the campaign, spear-phishing emails were sent to the targeted entities, and these contained malicious files with exploits designed for old Microsoft Office vulnerabilities.
Trend Micro said the emails relied on social engineering: each carried one of several malicious documents whose filenames were chosen to look relevant to the target organisation. Opening an attachment would download an image file with a piece of malicious code embedded in it - a tactic called steganography, which helps evade anti-malware and network perimeter detection.
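The report only says that the malicious code was embedded in an image; it does not describe the embedding method. One common variant, and the easiest one for a mail gateway or analyst to check for, is a payload appended after the image's terminating structure (the IEND chunk of a PNG, the EOI marker of a JPEG), so the file still opens as a picture. The following is an added example written for this page, not code from Trend Micro or from the campaign, and it assumes that appended-data variant; pixel-level steganography (LSB encoding and the like) would not be caught by it. The sample images and the trailer string are constructed inline.

```python
"""Attachment triage: flag image files that carry extra data past the image's end-of-file marker.

Added example, not Trend Micro's code.  Assumes the hidden code is appended after
the image's terminating structure (IEND for PNG, EOI for JPEG).  Pixel-level
steganography is out of scope for this check.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_trailing_bytes(data: bytes) -> int:
    """Bytes after the IEND chunk, or -1 if the input is not a well-formed PNG."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4          # 8-byte header, payload, 4-byte CRC
        if chunk_end > len(data):
            return -1                             # truncated chunk
        if ctype == b"IEND":
            return len(data) - chunk_end
        pos = chunk_end
    return -1                                     # no IEND: not a complete PNG


def jpeg_trailing_bytes(data: bytes) -> int:
    """Bytes after the EOI (FF D9) marker, or -1 if the input is not a well-formed JPEG."""
    if not data.startswith(b"\xff\xd8"):
        return -1
    n, pos = len(data), 2
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return -1                             # expected a marker here
        marker = data[pos + 1]
        if marker == 0xFF:                        # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                        # EOI: everything after it is foreign
            return n - (pos + 2)
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                              # standalone markers carry no length field
            continue
        if pos + 4 > n:
            return -1
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:                        # SOS: skip entropy-coded data to the next real marker
            while pos + 1 < n and not (
                data[pos] == 0xFF
                and data[pos + 1] != 0x00               # FF 00 is a stuffed data byte
                and not 0xD0 <= data[pos + 1] <= 0xD7   # RSTn markers sit inside scan data
            ):
                pos += 1
    return -1


def inspect_image(data: bytes) -> dict:
    """Classify an attachment and report how many bytes follow the image's end marker."""
    for kind, probe in (("png", png_trailing_bytes), ("jpeg", jpeg_trailing_bytes)):
        trailing = probe(data)
        if trailing >= 0:
            return {"format": kind, "trailing_bytes": trailing, "suspicious": trailing > 0}
    return {"format": "unknown", "trailing_bytes": -1, "suspicious": False}


# --- constructed samples (not real campaign artefacts) ---------------------

def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))

# 1x1 greyscale PNG skeleton: IHDR + IEND is enough for the chunk walker
CLEAN_PNG = PNG_SIG + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + _png_chunk(b"IEND", b"")
# Minimal JPEG skeleton: SOI, empty APP0, empty SOS, a few scan bytes (with a stuffed FF 00), EOI
CLEAN_JPEG = b"\xff\xd8" b"\xff\xe0\x00\x02" b"\xff\xda\x00\x02" b"\x12\x34\xff\x00\x56" b"\xff\xd9"
TRAILER = b"CONSTRUCTED-PAYLOAD-STUB"          # constructed stand-in for appended code
TROJANISED_PNG = CLEAN_PNG + TRAILER
TROJANISED_JPEG = CLEAN_JPEG + TRAILER

if __name__ == "__main__":
    for name, blob in [("clean png", CLEAN_PNG), ("png+trailer", TROJANISED_PNG),
                       ("clean jpeg", CLEAN_JPEG), ("jpeg+trailer", TROJANISED_JPEG)]:
        print(f"{name:13s} -> {inspect_image(blob)}")
```

The chunk and segment walkers deliberately parse the container rather than searching for the end-marker byte sequence, because `FF D9` or the string `IEND` can legitimately occur inside image data; a naive substring search would produce false positives on clean files. A non-zero `trailing_bytes` on an inbound attachment is a cheap signal to quarantine the file for deeper analysis.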
Trend Micro said that, once the final payload, a backdoor, is installed on the infected system, it is able to perform several malicious routines. These include stealing data, installing a rootkit, killing processes and systems, deleting files and directories, and putting systems to sleep.
The vendor said that, as with other targeted attacks, organisations need to implement a custom defence strategy that protects against all stages of the campaign. Trend Micro added that, since Tropic Trooper takes advantage of old, existing vulnerabilities, organisations should ensure that their patches are properly up to date.