Report: Cyber Attacks On U.S. ‘Advanced, Persistent’

Friday, September 18, 2015 @ 05:09 PM gHale

A high-level hacking group called Iron Tiger appeared to have stolen a boatload of confidential data from the United States government, U.S. defense contractors and related companies in the United States and abroad, security company Trend Micro said in a research report.

In a classic advanced persistent threat scenario, U.S.-based, technology-intensive security companies were hacked and continuously monitored from 2013 until this year, Trend Micro reported in its paper entitled, “Operation Iron Tiger: Exploring Chinese Cyber Espionage Attacks on U.S. Defense Contractors.”

The China-based Iron Tiger hacking group is a highly active, continuous advanced persistent threat that continues to hack and attack the U.S.

“Operation Iron Tiger is a targeted attack campaign discovered to have stolen trillions of bytes of data from defense contractors in the U.S., including stolen emails, intellectual property, and strategic planning documents,” Trend Micro said in a blog post.

The report gives more details saying Iron Tiger targeted military defense contractors, intelligence agencies, FBI-based partners, and the U.S. government. The private entities were tech-based government contractors in the electric, aerospace, intelligence, telecommunications, energy, and nuclear engineering industries.

Iron Tiger exfiltrated up to 58GB worth of data from a single target, the report said, and could potentially have stolen up to terabytes of data in total, Trend Micro reports. The group is highly adaptive to its target environments, sophisticated and well organized, and is potentially just one arm of a larger, multi-team operation with various targets.

China became apparent as the operatives’ primary home base because the operatives used virtual private network (VPN) servers that only accepted China-based registrants, used Chinese file names and passwords, and operated from China-registered domains, the report said.

“The actors have stolen emails, full Active Directory dumps, intellectual property, strategic planning documents, and budget- or finance-related content—all of which can be used to sabotage target governments’ or private organizations’ plans,” the report said.
