On January 3, 2013, Trend Micro published a research paper describing the newly discovered HeartBeat APT campaign.
Trend Micro reports that the HeartBeat campaign appears to be targeted at South Korea. The attack is estimated to have started in November of 2009. The HeartBeat campaign targets the following sectors:
- Political parties
- Media outfits
- A national policy research institute
- A military branch of South Korean armed forces
- A small business sector organization
- Branches of South Korean government
The attack used a custom RAT (remote access tool). Trend Micro summarizes what the RAT does:
These commands give the attackers complete control over their victims’ systems. Attackers also have the option to uninstall the RAT any time to cover their tracks and avoid being discovered.
The RAT was probably installed using the tried and true method — spearphishing. Trend Micro shows us the process:
Trend Micro tells us one way to fight this class of attack is to avoid opening email attachments and clicking embedded links from unknown sources. Of course, the bad guys know this, too. That is why they masquerade as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342, ext 3 or use our online form.