Security threats Toolkit

UK under attack from Asian Trojans

Dan Ilet silicon.com

Published: 16 Jun 2005 14:50 BST

Three hundred key business and government organisations are threatened by a wave of data-stealing attacks from Asia, the government has warned.

According to the National Infrastructure Security Co-ordination Centre (NISCC), hackers in East Asia have developed Trojan horse programs that attempt to steal information from certain parts of the critical national infrastructure (CNI). The CNI is made up of finance, transport, telecoms, energy and government bodies.

A report from the NISCC said: "Parts of the UK's critical national infrastructure are being targeted by an ongoing series of email-borne electronic attacks. While the majority of the observed attacks have been against central government, other UK organisations, companies and individuals are also at risk."

The Trojans can infect computers through emails or websites. The emails are usually spoofed and appear to be from news or government agencies.

Companies running Microsoft software are most vulnerable to the attacks, the NISCC said. It added that the Trojans differ from previous attacks but didn't give any further information.

Roger Cumming, director of the NISCC, said the attacks have been happening for some months. He told silicon.com: "We cannot say hand on heart and identify who is doing this. In order to name countries and shame them we'd need evidence that stands up in court. This is different from the stuff you've been seeing - it's industrial strength. We reached a point where if we were to assist UK [business], we needed to make [them] aware of this.

"We've worked hard to get this information into the public domain as quickly as possible. The majority of attacks exploit known vulnerabilities. If there was a word to use here, it would be 'patch'."