Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Espionage Rings Grabbing Corporate, Government Secrets

    By
    Robert Lemos
    -
    October 3, 2013
    Share
    Facebook
    Twitter
    Linkedin

      Two separate espionage groups are making highly targeted attacks on the networks of government agencies and private corporations in search of military, political and industrial secrets, according to independent research efforts by Kaspersky Lab and Symantec.

      One group, in operation since 2011, has compromised hundreds of computer systems at companies and government agencies in Japan, South Korea and Taiwan, as well as systems in Europe and the United States, according to an analysis by security firm Kaspersky Lab published last week.

      Dubbed Icefog, the group of digital spies is responsible for twin digital attacks on the Japanese House of Representatives and the House of Councillors in 2011. It has also targeted shipbuilding companies, defense contractors, media firms and telecom operators, Kaspersky stated in its analysis.

      While other groups have tried to maintain their presence in a compromised network for as long as possible, the Icefog group has adopted “hit and run” tactics–hacking in, stealing data and then quickly cleaning up—Kaspersky’s global research and analysis team (GReAT) stated in a blog post summarizing the research.

      “Although there has been an increasing focus on attribution and pinpointing the sources of these attacks, not much is known about a new emerging trend: the smaller hit-and-run gangs that are going after the supply chain and compromising targets with surgical precision,” the Kaspersky team said.

      Espionage groups—frequently referred to as advanced persistent threats (APTs)—are evolving. The hit-and-run strategy employed by Icefog is just one path such groups have taken to more effectively compromise their targets and steal data. Symantec has studied another group, dubbed “Hidden Lynx,” that appears to contract spies, stealing information based on its clients’ needs. Both groups show that the attackers’ techniques continue to mature as they apply various network infiltration tactics including focusing on their targets’ suppliers as a means to compromise targeted systems.

      For example, the Hidden Lynx group attempted to compromise defense contractors, but when it was blocked by software produced by security firm Bit9, the spies broke into that company’s network and grabbed the digital equivalent of a skeleton key.

      “They reconsidered their options and found that the best way around the protection was to compromise the heart of the protection system itself and subvert it for their own purpose,” a Symantec analysis of Hidden Lynx concluded.

      The Icefog group focuses on a short list of documents, stealing business secrets and company plans, credentials for email accounts and passwords for access to both internal and external company resources.

      “The Icefog attackers appear to know exactly what they need from the victims,” the Kaspersky analyst team stated. “Once the information is obtained, the victim is abandoned.”

      While the exact number of victims is unknown, dozens of Windows machines and more than 350 Mac OS X systems have been compromised by the Icefog malware, perhaps the first time a group has focused so heavily on Mac systems. Kaspersky suspects that there may even be an Icefog tool for infecting Android systems.

      The group has created at least six different variants of the malware to allow it to use different command-and-control mechanisms. The group and its malware will continue to evolve, and more will likely follow, the Kaspersky analysts said.

      “In the future, we predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations,” the company stated.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×