Peter Kruse and Iurii Khvyl

Abstract

During a period of 4 months - and still on going - CSIS eCrime Unit, have been investigating a series of spear phishing attacks aimed towards medium to large sized companies across the globe. The attack was conducted using a specially crafted XLS spreadsheet exploiting a known and documented vulnerability in Microsoft Excel (CVE-2009-3129).
This presentation will focus on both the attack vector, purpose of the attack as well as a glips on the stolen data and the backend C&C system. We shall also try to provide evidence leading to the identity of the group behind these campaigns.  This outfit uses two different trojans to conduct the attack: "Hanove" (Tourist) and DragonEye.