Well-Planned Cyber-Espionage Attacks

Monday, October 27, 2014 @ 04:10 PM gHale

There is a cyber-espionage operation targeting military, government and media organizations around the world, researchers said.

The group behind the operation has been around for a long time, since 2007, and continues to launch new campaigns against targets throughout the world, including the United States, said researchers at Trend Micro.

Industries Getting DHS Cyberthreat Tips Doubles
ICS Attack Responses
Espionage Group Targets NATO, EU
Insider Threat ‘Underestimated:’ DHS

In June 2014 they compromised government websites in Poland and last month infected the website for Power Exchange in Poland as well.

“The cyber criminals behind Operation Pawn Storm are using several different attack scenarios: Spear-phishing emails with malicious Microsoft Office documents lead to SEDNIT/Sofacy malware, very selective exploits injected into legitimate websites that will also lead to SEDNIT/Sofacy malware, and phishing emails that redirect victims to fake Outlook Web Access login pages,” said Trend Micro Senior Threats Researcher Jim Gogolinski in a blog post.

“Our investigation into Pawn Storm has shown that the attackers have done their homework,” he added. “Their choices of targets and the use of SEDNIT malware indicate the attackers are very experienced; SEDNIT has been designed to penetrate their targets’ defenses and remain persistent in order to capture as much information as they can.”

The spear-phishing emails sent by Pawn Storm attackers can be very target specific. In one case, a spear-phishing email went out to just three employees of the legal department of a billion-dollar multinational firm, Gogolinski said.

“The email addresses of the recipients are not advertised anywhere online,” he said. “The company in question was involved in an important legal dispute, so this shows a clear economic espionage motive of the attackers.”

Researchers said the attackers used a mix of spear-phishing emails and specially-crafted webmail service phishing websites to gain access to victims’ inboxes.

The goal of the attackers was to get a foothold in the target organizations. To avoid raising suspicions, the attackers used well-known events and conferences such as the Asia-Pacific Economic Cooperation (APEC) Forum and the Middle East Homeland Security Summit 2014 as part of social engineering schemes designed to trick their targets.

“Apart from effective phishing tactics, the threat actors used a combination of proven targeted attack staples to compromise systems and get in to target networks—exploits and data-stealing malware,” the report said. “SEDNIT variants particularly proved useful, as these allowed the threat actors to steal all manners of sensitive information from the victims’ computers while effectively evading detection,” the report said.

Click here to download the report.

Leave a Reply

You must be logged in to post a comment.