Security researchers have discovered a new threat that targets companies in the aerospace and defence industries that appears to have links with attacks originating from China.
The virus, dubbed Beebus, uses malicious email attachments that exploit vulnerabilities in PDF and .doc files to infect computers within target companies, according to researchers at security firm FireEye.
Those behind the Beebus campaign have also used drive-by downloads to infect computers. These attacks are invisible and do not require victims to do anything except visit an infected website, which could be a legitimate site that has been compromised by the attackers.
Beebus uses a well-documented vulnerability in the Microsoft Windows operating system (OS) known as DLL search order hijacking.
READ MORE ABOUT CYBER SECURITY:
- Businesses overconfident about cyber security, says Deloitte
- Former US cyber czar Howard Schmidt tells business not to wait for government
- UK to launch public cyber security awareness campaign
- Israel launches cyber warfare training programme
- Half of companies lack cyber threat knowledge
- Top cyber threats underline need for security awareness
- Cyber security at US energy agency found wanting
The malware communicates with a remote command and control server, first encrypting the data it collects. It then waits for commands from the C&C server in response to the data sent out.
Beebus has modules designed to capture information about the system such as OS and processor. It can also capture information such as process ID, process start time, and current user information.
Another module is designed to download and execute additional payloads and updates
According to the researchers, the Beebus campaign has been targeting companies in the aerospace and defense industry in waves.
Based upon correlations with other attacks, the researchers believe Beebus to be yet another one of the tools, techniques and procedures associated with threat actors based in China.