Security vendors deliver a blow against cyberespionage group Hidden Lynx

The midweek spotlight shines on cybersecurity as a cross-industry security collaboration named Operation SMN takes action against Hidden Lynx malware. Meanwhile, the Sandworm Windows zero-day vulnerability has been actively exploited in targeted attacks.

A coordinated operation involving Symantec and a number of other security companies has delivered a blow against Backdoor.Hikit and a number of other malware tools used by the China-based cyberespionage group Hidden Lynx. The organisations involved in this operation include Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, ThreatConnect, Tenable, ThreatTrack Security, Novetta, and Volexity.

Symantec welcomed the collaboration between industry partners, which should leave any organisation likely to be targeted by these groups better protected in the future.
  
A critical new vulnerability in the Windows operating system, the Microsoft Windows OLE Package Manager Remote Code Execution Vulnerability (CVE-2014-4114), allows attackers to embed files from external locations. The vulnerability can be exploited to download and install malware onto the target’s computer.

Symantec regards this as critical since it allows attackers to remotely run code on the target’s computer. While it has been exploited on a limited basis in the wild, other groups are likely to attempt to take advantage of it now that its existence has been publicised.
