CosmicDuke and the latest political news

After we had published the CosmicDuke report in July 2014, we continued to actively follow the malware. Today, we discovered two new samples that both leverage timely, political topics to deceive the recipient into opening the malicious document.

The first one discusses the Ukraine crisis and EU sanctions over Russia and the original document was published here less than a week ago

The topic of the second document is definitely focusing on current affairs: Scotland votes on independence today. The original article was published early this week. Here is the decoy document:

It is obvious that the attackers are keeping abreast of the latest political news, and they are very agile: they have the capability and capacity to rapidly utilize the information to increase the odds of social engineering.

If you are interested in learning more about CosmicDuke, these latest samples, as well as other interesting discoveries, will be discussed in detail at T2, an information security conference during October 23-24 in Helsinki, Finland.

On 18/09/14 At 09:13 PM

Read more: CosmicDuke and the latest political news

Story added 18. September 2014, content source with full text you can find at link above.