Malware Attack Targeting AutoCAD is Suspected Espionage

Researchers at ESET have uncovered a new worm that is stealing AutoCAD drawings and designs, and shipping them off to an email account that appears to be in China. Given the hype around Stuxnet and other focused code, the appearance of this worm took ESET researchers by surprise.

The malware itself is written in AutoLISP, the scripting language used by AutoCAD. Over the last two months, the worm – called ACAD/Medre.A – has remained focused on Latin America, most notably Peru.

ESET is reporting an unusually high number of infections (over 10,000), and suggests that this might be explained by the fact that malware disguised as AutoCAD files may have been distributed to companies that were conducting business with public services in Peru.

Researchers say that the malware is targeting versions 14.0 to 19.2 of AutoCAD, and that the author of the worm assumes it will also work in future releases of the software.

“After some configuration, ACAD/Medre.A will begin sending the different AutoCAD drawings that are opened by e-mail to a recipient with an e-mail account at the Chinese 163.com. It will try to do this using 22 other accounts at 163.com and 21 accounts at qq.com, another Chinese internet provider,” explained Righard Zwienenberg, of ESET’s malware research team, on a company blog.

In addition to AutoCAD drawings, the malware also targets PST files (email) and will attempt to copy those as well. 

According to Zwienenberg, the malware represents “a serious example of suspected industrial espionage.”

“Every new design created by a victim is sent automatically to the authors of this malware. Needless to say, this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals will have designs before they even go into production by the original designer. The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office.”

The email accounts used to store the stolen details were eventually closed, but not before the damage was done. It’s unknown if the code has spread to other areas.
