Hackers Launched A Matryoshka Doll Attack

Computer criminals have devised a new attack scheme known as the Matryoshka Doll Attack aimed against government institutions, continue reading to find out more.

The Matryoshka Doll Attack Is a Dangerous Force

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

The dangerous attack campaigns continue against high-profile targets. While most of the ransomware attacks were made against individual users by using social engineering tricks to spread various viruses. A new dangerous campaign, has surfaced it is named as the Matryoshka Doll Attack by the security researchers who discovered it. Cisco Talos researchers identified that the viral attack is done through infected Microsoft Word documents. However there are some important distinctive features and characteristics which sets it apart from other similar attacks:

  • The malicious documents target mainly NATO member government institutions using phishing emails during the Christmas and New Year holidays.

  • The included payload is swapped with junk data which is devised to cause a large resource usage.

The algorithm uses a nested document that holds several nested objects. The first object is an OLE container that contains an Adobe Flash exploit. It extracts a binary file that is embedded in itself by using a built-in ActionScript code. This binary file contains a second payload which contains the actual malware. Here is how the attack is initiated:

  1. First a global constant is set which contains the URL of the remote malicious C&C server. A HTTP request is initiated to it and then a response message is sent.

  2. A careful analysis shows that several DNS requests and commands are used to gain information about the victim machine – operating system and Adobe Flash version. According to the analysis if the target host is identified as a virtual machine or a sandbox, the attack is concluded.

  3. If the attack is continued then several advanced features are used during the infection phase. A large amount of junk data is used to confused any running security systems, a well-known method for stealth detection.

How To Prevent and Remove Infections Caused By The Matryoshka Doll Attack

This advanced attack can be used to introduce various malware and viruses which can include ransomware. In addition there are some dangers that we must take into account:

  • The Matryoshka Doll Attack primarily targets NATO member government institutions. As it is a high-ranking attack, depending on its sucess we might see future strains that use the same method.

  • The fact that the virus causes excessive resource usage might mean that sabotage can be a possible criminal intervention.

  • Advanced stealth detection features are built-in.

To reliably defend against such cases we recommend that everyone use a trusted anti-spyware utility. For more information on the issue you can read Cisco Talos’s in-depth blog post.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *