“The sophistication of this attack far surpasses anything we have seen to date from any state actors,” said Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command. 

“To use a military analogy, the level of sophistication of this attack is like comparing a World War I propeller-driven fighter plane to a stealth bomber coming in under the radar, completely destroying its target, and leaving before the enemy even realizes they have been attacked,” Adams said.

The disconcerting aspect of the story is that hacker are still targeting US government agencies, a new sophisticated campaign was detected on July 8. Also in this case hackers relied on spear phishing campaign email that purported to come from the National Endowment for Democracy, a prominent non-profit organization that supports pro-democracy efforts around the world.

“The emails contained a link that, when clicked, takes recipients to an infected server on the organization’s network. It then downloads malicious software onto the victim’s computer.”

As reported in the notice, the hackers used a multi-stage attack, once a first component infects the target it downloads other malicious payloads from the C&C server, the connections are protected by encryption to avoid detection.

“While I am somewhat comforted to hear that the malware was discovered on some systems, it is a virtual certainty that there are more instances of this malware inside the DOD and whatever other parts of our infrastructure this enemy has targeted,” Adams said.

Another notice obtained by The Daily Beast, warns that hackers are now targeting the Pentagon, the “U.S. government agencies and private sector companies” exploiting one of the flaws in Adobe Flash disclosed after the hack of the Hacking Team firm.

Pierluigi Paganini

(Security Affairs – Russian APT, US Government, Pentagon)