NEWS FROM THE LAB - Thursday, September 18, 2014
 
CosmicDuke and the Latest Political News

Posted by Timo @ 21:13 GMT

After we published the CosmicDuke report in July 2014, we continued to actively follow the malware. Today, we discovered two new samples that both leverage timely political topics to deceive the recipient into opening the malicious document.

The first one discusses the Ukraine crisis and EU sanctions on Russia; the original document was published here less than a week ago.



The topic of the second document is definitely current: Scotland votes on independence today. The original article was published early this week. Here is the decoy document:



It is obvious that the attackers are keeping abreast of the latest political news, and they are very agile: they have the capability and capacity to rapidly use that information to increase the odds that their social engineering succeeds.

If you are interested in learning more about CosmicDuke, these latest samples, as well as other interesting discoveries, will be discussed in detail at T2, an information security conference held on October 23-24 in Helsinki, Finland.