Government Staff Turns To Typewriters After Malware Attack

By Jessica Davis

A new Russian hacking tool is targeting government systems in the United States and Europe through spear-phishing attacks, using stealthy, sophisticated mechanisms to go undetected.

Discovered by Palo Alto Networks, the “Cannon” trojan relies on Word documents to load remote templates embedded with malicious code. While this technique is not new or uncommon, the tool's modular nature makes it difficult for automated systems to identify the infection.

To accomplish this, the trojan uses the AutoClose function that lets Word delay the full execution of the malicious code until the user closes the document. The virus acts as a downloader, using the system’s email to get instructions from the command and control server.

The virus is delivered in a normal fashion, through an email containing a Word document. The document itself contains no malicious links, which is why it’s difficult for security tools to detect. But once the email is opened, the Word document downloads a remote template that will download the malicious code.

The Word document installs two malicious programs. Cannon allows hackers to sneak onto a computer and take screenshots of the infected computer’s homepage. It gains information from the system, saves it to a file and then emails the images back to the hackers to receive further instruction.

“The overall purpose of Cannon is to use several email accounts to send system data (system information and screenshot) to the threat actors and to ultimately obtain a payload from an email from the actors,” the researchers wrote.

Palo Alto researchers believe the Russian hacking group Fancy Bear or GRU is behind the trojan. This group was behind several major breaches, including the Democratic National Committee and medical data from both the International Association of Athletics Federation and World Anti-Doping Agency, among others.

The report from Palo Alto comes just several weeks after several security leaders told Reuters they’d seen Russian hackers impersonating State Department employees. The group was targeting U.S. think tanks, government agencies and other businesses with phishing campaigns.

The threat of nation state actors on the healthcare system is not new. In fact, a recent hearing into the phishing attack of the Minnesota Department of Health and Human Services revealed that the government agency had received an onslaught of phishing attacks throughout the summer.

Due to a lack of resources and staffing, Minnesota DHS was unable to keep up with the threat and detect the infection for several months. As the healthcare sector suffers from similar constraints, this new type of evasive threat could pose a serious issue.
