Beebus virus targets aerospace and defence

Warwick Ashford

Security researchers have discovered a new threat that targets companies in the aerospace and defence industries that appears to have links with attacks originating from China.

The virus, dubbed Beebus, uses malicious email attachments that exploit vulnerabilities in PDF and .doc files to infect computers within target companies, according to researchers at security firm FireEye.

Those behind the Beebus campaign have also used drive-by downloads to infect computers. These attacks are invisible to the victim and require nothing more than a visit to an infected website, which could be a legitimate site that has been compromised by the attackers.

Beebus uses a well-documented weakness in the Microsoft Windows operating system (OS) known as DLL search order hijacking, in which a planted library is loaded in place of the legitimate one because Windows searches some directories before the system directory.

According to the researchers, Beebus drops a DLL called ntshrui.DLL in the C:\Windows directory to achieve persistence.
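The hijack the researchers describe works because Windows searches the loading program's own directory before System32, so a copy of ntshrui.dll planted in C:\Windows shadows the real one for a program that lives there (explorer.exe does). The following model of that search order, an added defensive example that is not from the article or from FireEye, takes a file inventory from a host and flags DLLs whose resolved copy is not the System32 copy; the inventory and the assumption that the loader's application directory is C:\Windows are constructed for illustration, and KnownDLLs, which bypass the search, are not modelled.

```python
"""Model the Windows DLL search order and flag search-order hijack candidates."""
from pathlib import PureWindowsPath


def search_order(app_dir, windows_dir=r"C:\Windows", cwd=None, path_dirs=()):
    """Directories in the order Windows searches them (SafeDllSearchMode on)."""
    order = [app_dir,
             str(PureWindowsPath(windows_dir, "System32")),
             str(PureWindowsPath(windows_dir, "System")),
             windows_dir]
    if cwd:
        order.append(cwd)
    order.extend(path_dirs)
    seen, deduped = set(), []          # keep first occurrence only
    for d in order:
        key = d.lower().rstrip("\\")
        if key not in seen:
            seen.add(key)
            deduped.append(d)
    return deduped


def resolve_dll(dll_name, app_dir, inventory, **kw):
    """Return the path Windows would load for dll_name, or None if absent."""
    present = {p.lower() for p in inventory}
    for d in search_order(app_dir, **kw):
        candidate = str(PureWindowsPath(d, dll_name))
        if candidate.lower() in present:
            return candidate
    return None


def hijack_findings(inventory, app_dir, windows_dir=r"C:\Windows"):
    """Flag DLLs that resolve outside System32 although a System32 copy exists."""
    system32 = PureWindowsPath(windows_dir, "System32")
    by_name = {}
    for p in inventory:
        wp = PureWindowsPath(p)
        if wp.suffix.lower() == ".dll":
            by_name.setdefault(wp.name.lower(), []).append(p)
    findings = []
    for name, paths in by_name.items():
        expected = str(system32 / name)
        if not any(p.lower() == expected.lower() for p in paths):
            continue                   # nothing legitimate to shadow
        loaded = resolve_dll(name, app_dir, inventory, windows_dir=windows_dir)
        if loaded and loaded.lower() != expected.lower():
            findings.append((name, loaded, expected))
    return findings


# Constructed sample inventory: a planted ntshrui.dll beside explorer.exe (hypothetical)
SAMPLE_INVENTORY = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\ntshrui.dll",
    r"C:\Windows\ntshrui.dll",
    r"C:\Windows\System32\kernel32.dll",
]
```

Running `hijack_findings(SAMPLE_INVENTORY, r"C:\Windows")` reports the planted ntshrui.dll; the same inventory checked for a program in another directory reports nothing, which is why the finding must be read against the loading process.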

The malware communicates with a remote command and control (C&C) server, encrypting the data it collects before sending it. It then waits for commands from the C&C server in response to the data sent out.

Beebus has modules designed to capture information about the system, such as the OS and processor. It can also capture information such as process ID, process start time and current user information.

Another module is designed to download and execute additional payloads and updates.

According to the researchers, the Beebus campaign has been targeting companies in the aerospace and defence industry in waves.

Based upon correlations with other attacks, the researchers believe Beebus to be yet another one of the tools, techniques and procedures associated with threat actors based in China.
