
Backdoors delivered to Japanese orgs by way of Ichitaro exploit

Researchers at Symantec have uncovered the activity of a cyberespionage group targeting organizations in Japan.

According to a Thursday blog post by the firm, malicious emails were used to deliver the Emdivi, Korplug and ZXshell backdoors to victims. Rather than simply linking to compromised websites in the phishing lure, the attackers attached booby-trapped Ichitaro document files that drop the malware when opened.

The attachments exploit CVE-2014-7247, a remote code execution vulnerability in the widely used Ichitaro word processor: opening one in a vulnerable version of the software runs the attacker's code. All three backdoors are designed to "steal confidential information from the compromised computer," Symantec said.

The cyberespionage campaign, "Operation CloudyOmega," has been active since 2011, and its perpetrators have "communication channels with other notorious attack groups," such as Hidden Lynx, the firm noted. A patch for the zero-day vulnerability is now available.
