When spying goes through Autodesk 3ds Max

Bitdefender researchers report the discovery of a massive cyber espionage action based on a zero-day flaw in Autodesk 3ds Max software, software used for 3D computer graphics. This is a particularly important action by virtue of the sector targeted: “one of the companies involved is engaged in architectural projects with builders of luxury properties worth billions of dollars in New York, London, Australia and in Oman. The company's clients and projects involve luxury residences, high-profile architects and world-renowned interior designers ".

Targeted attacks through Autodesk

The mechanism is the usual one: a zero leak -day exploited for the installation of ad hoc components, the remote spying of information and the theft of intellectual property for unspecified purposes. According to what emerged, different attacks monitored in recent weeks would refer to the same remote servers, therefore to a common root of the different malware used.

Above all, explains Liviu Arsene, Senior Security Analyst at Bitdefender, the attack seems to be sophisticated and focused: “We don't know when the attack started, as our investigation began after the breach. At the time of publication of our report, the command and control infrastructure was still active, potentially indicating that it is still being used by other malware. " Here is the complete analysis of the attack.