By Ioana Patran
| BUCHAREST, March 1
BUCHAREST, March 1 Romania believes another
state was behind the "MiniDuke" cyber attack that hit its
national security institutions as well as NATO and other
European countries, its SRI secret service said on Friday.
It did not say which foreign power it suspected.
Earlier this week, Russia's Kaspersky Lab and Hungary's
Laboratory of Cryptography and System Security, or CrySyS, said
the targets of the campaign included government computers in the
Czech Republic, Ireland, Portugal and Romania.
They also said a think tank, research institute and
healthcare provider in the United States were among those
targeted by the malicious software, which they have dubbed
"MiniDuke".
NATO also confirmed it had been targeted, although the
alliance said its computer systems had been unaffected.
"It is a cyber attack ... pursued by an entity that has the
characteristics of a state actor," SRI spokesman Sorin Sava told
Reuters in a phone interview on Friday.
"Our estimations show the attack is certainly relevant to
Romania's national security taking into account the profile of
the compromised entities," Sava said, adding that private
organisations had also been targeted.
One of the researchers involved in identifying the attack
told Reuters earlier this week he also suspected a foreign
government was involved, but did not say which. Romania is the
first government to make such a suggestion.
The MiniDuke hackers attacked their victims by exploiting
recently-discovered security bugs in Adobe's Reader and Acrobat
software. They sent their targets PDF documents tainted with
malware, an approach that hackers commonly use to infect PCs.
Adobe said it had released a software patch to cover the
flaw, and any users who had downloaded it would be protected
against "MiniDuke".
Computer security experts and Western officials say
state-backed cyber attacks aimed at stealing information have
soared in recent years. While they rarely attribute blame
publicly, in private many blame China - although Beijing angrily
denies the charge.
In this case, however, computer experts say an attacker from
the former Soviet Union could be more likely. "MiniDuke" in some
ways resembles a banking fraud Trojan dubbed "TinBa" believed to
have been created by Russian criminal hackers.
SRI would not give the names of the affected institutions.
Sava said specialised secret service "reaction teams" were
investigating the size of the attack to "limit its consequences
and stop it".
"This attack has a bigger impact because of its superior
technological level that allows it to better conceal itself and
take over control over a compromised network in order to extract
information," Sava said.