Organisations in 31 countries have been targeted in a new wave of attacks. The attackers used compromised websites, or “watering holes”, to infect pre-selected targets with previously unknown malware. No evidence has yet been found that funds have been stolen from any infected banks. The attacks were discovered when a bank in Poland found that unknown malware was running on a number of its computers. The bank then shared indicators of compromise (IOCs) with other institutions, and a number of them confirmed that they too had been compromised. The source of the attack appears to have been the website of the Polish financial regulator. The attackers compromised the website to redirect visitors to an exploit kit, which attempted to install malware on selected targets. The exploit kit is preconfigured to infect only visitors from approximately 150 different IP addresses. Countries affected include Poland, the U.S., Brazil, Chile, Denmark and Venezuela, amongst others.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street