As many as 200 computers belonging to government ministries, a nuclear safety agency and a regional petroleum company are under the control of sophisticated espionage software that has ties to attackers who have previously penetrated RSA, the Dalai Lama’s network, and dozens of high-level government systems, researchers said.
The discovery, disclosed by members of Dell SecureWorks at this year’s RSA security conference in San Francisco, underscores the endurance of attacks known as APTs, or advanced persistent threats. One of the malware samples used in the espionage campaign was first detailed in a 2010 report (PDF) that revealed a massive spy network that targeted the government of India, the Dalai Lama and other Chinese dissidents located in Tibet. A later report from antivirus provider Trend Micro said the “Enfal” malware, aka the “Lurid Downloader,” infected at least 1,465 computers in 61 countries. The campaign discovered by SecureWorks also used a second malware family known as “RegSubsDat” that was first identified in 2009.