Five public institutions from the governmental network of Moldova had been the target of a malware program. The virus was identified and blocked in the incipient phase so that the information from the infected computers wasn’t affected, the press services of the Prosecutor Generals’ Office and the Security and Information Service have said.
According to specialists, the attempts to install elements of the malware on the computers and to place orders from the hackers’ server were thwarted. There were identified six command and control servers, all of them being located abroad. Evidence was found showing that the malware used very advanced techniques. To analyze the behavior of the virus, it was placed in an environment isolated from the network, which simulates the victim’s workstation.
The infection with this type of virus often occurs through phishing emails that look like official email messages. The computer is initially infected when accessing file attachments ending with .exe, .scr, .com or .bat. After the malware is installed on the computer, it is connected to the hackers’ server so as to download the virus itself.
An investigation was launched to identify the sources of infection and establish all the circumstances of the given cyber incidents. Experts of CERT-GOV-MD of the Special Telecommunications Center warn the authorities and the governmental institutions about the online risks and recommend observing the essential information security practices, regularly updating the anti-virus program and managing it in a centralized way, and taking anti-phishing measures.
