New Advanced Persistent Threat, IXESHE, On The Rise

Published: 22/11/2024   Category: security




Malware makes use of targeted email with malicious attachments



A new advanced persistent threat is on the prowl, targeting enterprises with malicious email attachments, researchers say.
According to a new report from Trend Micro, a group of attackers referred to as IXESHE (pronounced "i-sushi") has already attacked East Asian governments, electronics manufacturers, and a German telecommunications company.
The IXESHE campaign makes use of targeted emails with malicious attachments to compromise victims’ systems, Trend Micro states. The emails are often tailored for specific victims and contain malicious attachments that are almost always weaponized .PDF files with known exploits that drop malware executables onto targeted systems. In addition, the IXESHE attackers conducted two specific attacks that leveraged zero-day exploits—one in 2009 and another in 2011.
The IXESHE attackers almost always use compromised servers as command-and-control (C&C) servers, Trend Micro continues. In some cases, after a successful intrusion, the attackers turn servers inside the target organization's own network into C&C servers, which increases their control over the victim's infrastructure. Using this approach, the attackers amassed at least 60 C&C servers over time.
This technique also lets the attackers cover their tracks: with the C&C server sitting inside the victim's corporate network, very little C&C traffic ever leaves that network, the Trend Micro researchers report. The attackers' deliberate use of compromised machines and dynamic Domain Name System (DNS) services further hides traces of their presence by blending their activity with traffic belonging to legitimate users.
The malware samples used in this campaign are not very sophisticated, but they give the attackers almost complete control over compromised systems, Trend Micro warns. Enterprises that find themselves infected by this APT should determine the attack vector and cut off communications with the C&C server, the researchers advise.
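The two traits described above, dynamic-DNS hostnames for C&C and an internal host acting as the C&C server so that traffic never leaves the network, both leave a footprint in ordinary DNS and connection logs. The following is an added example of how a defender might hunt for them before cutting off C&C communications; it is not code from the Trend Micro report or from the IXESHE malware. The log lines are constructed, and the dynamic-DNS provider suffixes are illustrative assumptions rather than indicators taken from the article.

```python
"""Added example (not from the Trend Micro report): flag DNS lookups of
dynamic-DNS hostnames and regular, beacon-like connections between a pair
of internal hosts, two indicators consistent with the tradecraft described
above. Log lines and the dynamic-DNS suffix list are constructed."""
from collections import defaultdict
from datetime import datetime
import statistics

# Illustrative dynamic-DNS provider suffixes (assumption, not from the
# article); a real deployment maintains its own, larger list.
DYNAMIC_DNS_SUFFIXES = (".no-ip.org", ".dyndns.org")

# Constructed DNS query log: "timestamp client qname"
DNS_LOG = """\
2012-05-30T09:00:01 10.1.4.22 update.microsoft.com
2012-05-30T09:00:07 10.1.4.22 host-a.no-ip.org
2012-05-30T09:05:07 10.1.4.22 host-a.no-ip.org
2012-05-30T09:06:00 10.1.4.23 intranet.example.internal
"""

# Constructed connection log: "timestamp src dst dport". Host 10.1.4.22
# checks in with an internal server every 10 minutes; 10.1.4.23 does not.
CONN_LOG = """\
2012-05-30T09:00:00 10.1.4.22 10.1.9.5 80
2012-05-30T09:10:00 10.1.4.22 10.1.9.5 80
2012-05-30T09:20:00 10.1.4.22 10.1.9.5 80
2012-05-30T09:30:00 10.1.4.22 10.1.9.5 80
2012-05-30T09:03:12 10.1.4.23 10.1.9.5 80
2012-05-30T11:47:40 10.1.4.23 10.1.9.5 80
"""


def dynamic_dns_lookups(log):
    """Return sorted (client, qname) pairs for queries to dynamic-DNS names."""
    hits = set()
    for line in log.splitlines():
        _ts, client, qname = line.split()
        if qname.lower().endswith(DYNAMIC_DNS_SUFFIXES):
            hits.add((client, qname))
    return sorted(hits)


def beaconing_pairs(log, min_events=4, max_jitter=0.1):
    """Return (src, dst, port, mean_interval_seconds) for flows whose
    inter-arrival times are nearly constant (coefficient of variation
    <= max_jitter). Low jitter over several events is the classic
    signature of a malware check-in loop rather than human activity."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    results = []
    for key, times in flows.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            results.append((*key, mean))
    return results


if __name__ == "__main__":
    for client, qname in dynamic_dns_lookups(DNS_LOG):
        print(f"dynamic-DNS lookup: {client} -> {qname}")
    for src, dst, port, interval in beaconing_pairs(CONN_LOG):
        print(f"beacon: {src} -> {dst}:{port} every {interval:.0f}s")
```

Once a beaconing pair is identified, the destination host is a candidate internal C&C server and the source host a candidate victim; blocking the pair at the network layer stops the channel while the attack vector (here, the weaponized PDF) is traced back. Legitimate periodic traffic such as update checks will also show low jitter, so allow-list known services before acting on the output.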