Thursday, September 26, 2013
Kaspersky Identifies New Asia-based Hacking Group


Today Kaspersky Lab's research team published a new report on the discovery of 'Icefog', a small yet energetic APT (Advanced Persistent Threat) group that focuses on targets in South Korea and Japan, hitting the supply chain for Western companies.

The operation started in 2011 and has increased in size and scope over the last few years. The report shows a new trend - the emergence of small groups of 'cyber-mercenaries' available for hire to perform 'surgical' hit and run operations.

"For the past few years, we've seen a number of APTs hitting pretty much all kinds of victims and sectors. In most cases, attackers maintain a foothold in corporate and governmental networks for years, exfiltrating terabytes of sensitive information", said Costin Raiu, Director, Global Research & Analysis Team at Kaspersky Lab. "The 'hit and run' nature of the Icefog attacks demonstrates a new emerging trend: smaller hit-and-run gangs that are going after information with surgical precision. The attack usually lasts for a few days or weeks and after obtaining what they were looking for, the attackers clean up and leave. In the future, we predict the number of small, focused 'APT-to-hire' groups to grow, specialising in hit-and-run operations; sort of 'cyber mercenaries' of the modern world."

According to the report, the attackers appear to have an interest in the following sectors: military, shipbuilding and maritime operations, computers and software development, research companies, telecom operators, satellite operators, mass media and television.

Kaspersky's research indicates the attackers were interested in targeting defense industry contractors such as Lig Nex1 and Selectron Industrial Company, ship-building companies such as DSME Tech and Hanjin Heavy Industries, telecom operators such as Korea Telecom, and media companies such as Fuji TV and the Japan-China Economic Association.

The attackers are hijacking sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim's network.

During the operation, the attackers are using the "Icefog" backdoor set (also known as "Fucobha"). Kaspersky Lab identified versions of Icefog for both Microsoft Windows and Mac OS X.

In most other APT campaigns, victims remain infected for months or even years while attackers continuously exfiltrate data. Icefog operators instead process victims one by one, locating and copying only specific, targeted information. Once the desired information has been obtained, they leave.

In most cases, the Icefog operators appear to know exactly what they need from the victims, according to the security firm.

Kaspersky researchers have sinkholed 13 of the more than 70 domains used by the attackers. This provided statistics on the number of victims worldwide. In addition, the Icefog command and control servers maintain encrypted logs of the victims together with the various operations performed on them by the operators. These logs can sometimes help to identify the targets of the attacks and in some cases, the victims. In addition to Japan and South Korea, many sinkhole connections in several other countries were observed, including Taiwan, Hong Kong, China, USA, Australia, Canada, UK, Italy, Germany, Austria, Singapore, Belarus and Malaysia. In total, Kaspersky Lab observed more than 4000 unique infected IPs and several hundred victims (a few dozen Windows victims and more than 350 Mac OS X victims).

Based on the list of IPs used to monitor and control the infrastructure, Kaspersky Lab's experts assume some of the threat actors behind this operation are based in at least three countries: China, South Korea and Japan.

