IceFog malware still causing trouble with Java backdoor

A Malware wolf in Java sheep's clothing

The IceFog APT (advanced persistent threat), first discovered in September 2013, continues to cause problems: researchers at Kaspersky reveal that the malware is now using a Java backdoor.

Analysts at the Russian security firm have observed three unique victims of "Javafog", all of them in the US. One of the victims is apparently a very large American oil and gas company that operates around the world.

A long term operation

"The attack commenced by exploiting a Microsoft Office vulnerability, followed by the attackers attempting to deploy and run Javafog, with a different C&C," Kaspersky researchers explain in a blog post on the latest manifestation of the threat.

"We can assume that based on their experience, the attackers found the Java backdoor to be more stealthy and harder to notice, making it more attractive for long term operations."

Dana Tamir, director of enterprise security at Trusteer, said that to prevent Java exploits and malware-based infiltrations, it is important to restrict execution only to known trusted Java files.

Since organisations struggle to manage and maintain a complete list of all known trusted files, they should at least restrict execution to "files that have been signed by trusted vendors, or downloaded from trusted domains," she added.
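One concrete way to enforce the "signed by trusted vendors, or downloaded from trusted domains" restriction for Java content launched through the browser plug-in or Java Web Start is a Java Deployment Rule Set. The XML below is an added example written for this article, not configuration from Kaspersky, Trusteer or the IceFog report; the domain, title and certificate hash are placeholders to replace with your own values. The Java runtime only honours the rule set once it is packaged as DeploymentRuleSet.jar, signed with a certificate the clients trust, and placed in the system-wide deployment directory.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: Java Deployment Rule Set that allowlists by
     origin domain and by signing certificate, and blocks everything else.
     Rules are evaluated top to bottom; the first match wins, so the
     catch-all block rule must stay last. -->
<ruleset version="1.0+">

  <!-- Trusted domain: allow Java content served from the internal portal.
       "https://portal.example.internal" is a placeholder domain. -->
  <rule>
    <id location="https://portal.example.internal" />
    <action permission="run" />
  </rule>

  <!-- Trusted vendor: allow any JAR signed with a specific code-signing
       certificate, identified by the SHA-256 hash of the certificate.
       The hash value below is a placeholder, not a real certificate. -->
  <rule>
    <id>
      <certificate algorithm="SHA-256"
                   hash="PLACEHOLDER_SHA256_HASH_OF_VENDOR_CERT" />
    </id>
    <action permission="run" />
  </rule>

  <!-- Catch-all: anything not matched above is blocked, and the user is
       told why instead of being offered a "run anyway" prompt. -->
  <rule>
    <id />
    <action permission="block">
      <message>Blocked: Java content is only permitted from approved domains or signed by approved vendors.</message>
    </action>
  </rule>

</ruleset>
```

The certificate hash for the second rule is obtained from the vendor's actual signing certificate (for example by exporting it from a known-good signed JAR and hashing the DER encoding), never from a certificate found inside a suspect file. Note the scope of this control: a Deployment Rule Set governs Java content started via the browser plug-in or Web Start, not a standalone Java runtime launched directly by a dropper such as the Office exploit described above; covering that path requires an OS-level application allowlisting policy that restricts which executables and JARs the Java runtime may be invoked on.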
