ESG security researchers have observed a marked rise in highly targeted malware attacks on specific individuals, governments and organizations. While traditional malware attacks are designed to hit millions of computers, Advanced Persistent Threats are often highly targeted and are at times even state-sponsored or linked to specific groups looking to further their own agenda. A particularly persistent group of these attackers is known as IXESHE, after the detection name for the malware that they use. IXESHE has been known to target a German telecommunications company and governments located in East Asia. Typically, an IXESHE attack will use malicious email messages tailored to the targeted group. These email messages carry attached PDF files that take advantage of various exploits in order to install malicious executable files on the victim’s computer system. ESG security researchers have linked IXESHE attacks to two malicious email campaigns that took advantage of zero-day exploits in Adobe Systems software; one of these took place in 2009 and the other in 2011.
IXESHE and Command and Control Servers
IXESHE attacks will typically use command and control servers that may sometimes be hosted on the victim’s own networks. Through this method, the criminals behind IXESHE were at one time able to take over at least sixty servers for use as malware command and control servers. This approach also gives the criminals the advantage of thwarting PC security analysts, because traffic to a command and control server hosted inside the victim’s own network is harder to distinguish from legitimate internal traffic. IXESHE attacks are very adept at covering their tracks, and the source of the attacks is often quite difficult to determine.
Known Targets of IXESHE Attacks
IXESHE malware attacks are designed to spy on the infected computer system, gathering data without the victim’s knowledge. ESG security researchers have been able to identify three distinct groups of victims of IXESHE attacks since 2009:
– An important telecommunications firm based in Germany
– Various electronics manufacturers located in Taiwan
– Governments of East Asian nations
Because IXESHE malware tends to remain hidden in order to gather data without being detected, it is probable that many victims are not aware that they have been infected. As soon as a probable victim is identified, PC security researchers will contact them to warn them of the fact. ESG security analysts suspect that IXESHE attacks have been active at least since July 2009.
How Can You Detect IXESHE?