New espionage malware has been discovered that targets a patched sandbox-bypass vulnerability in Adobe Reader. The attacks have hit a relatively small number of government victims in 23 countries, primarily in Europe, and rely on a string of unusual tactics, including the use of steganography to hide backdoor code, as well as the capability to reach out to Twitter accounts created by the attackers for links to command and control servers.
Dubbed MiniDuke by researchers at Kaspersky Labs and CrySyS Lab, these attacks were active as of one week ago. They rely on effective social engineering to deliver infected PDFs targeting Adobe Reader 9-11. The PDFs purport to be Ukraine's foreign policy and NATO membership plans, as well as information for a phony human rights seminar. The victims are geographically dispersed; Kaspersky Labs reports 59 victims, most of them in Europe, with others in a few Middle Eastern countries, Brazil and the United States.
"This is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor," a Kaspersky and CrySyS report said. "Some of the elements remind us of both Duqu and Red October, such as the minimalistic approach, hacked servers, encrypted channels but also the typology of the victims."
Continued: https://threatpost.com/en_us/blogs/miniduke-espionage-malware-hits-governments-europe-using-adobe-exploits-022713
Bizarre old-school spyware attacks governments, sports Mark of the Beast
Old school malware used for spying on European govts
'Old School' MiniDuke Malware Targets European Governments Via Adobe