    Government Agencies, Utilities Among Targets of ‘VOHO’ Cyber-Spy Attacks

    Written by

    Robert Lemos
    Published September 27, 2012

      The computer systems of nearly 1,000 companies, government agencies and nonprofit organizations were compromised in a cyber-espionage operation that used semi-targeted attacks—known as waterhole attacks—to infect systems within certain industries, such as international finance, utilities, defense and government contractors, security firm RSA stated in a report released on Sept. 26.

      The campaign, dubbed VOHO by RSA, compromised Websites whose audiences lived in specific regions, near Boston and Washington, D.C., or whose audiences sought out specific types of information, such as political activism, defense or education. In an analysis of the attacks, security giant RSA found that more than 32,000 systems were redirected from compromised Web servers and, of those systems, 12 percent were infected with the malicious software.

      Such an attack strategy is known as a “waterhole” operation. Attackers identify Websites that their intended targets are likely to visit and then compromise those sites with code designed to redirect visitors to another server that attempts to infect the victim’s computer.

      “They are casting a wide net in hopes that by doing so, they are going to impact a number of entities, but most importantly, the targets have relevance to what they are looking for,” said Will Gragido, advanced threat intelligence lead for the FirstWatch team at RSA.

      The attacks installed a remote access Trojan, known as Gh0st RAT, previously identified in cyber-espionage attacks against religious and political organizations and technology companies. In the case of the latest operation, the remote-access Trojan was installed by what appeared to be an update for Microsoft or Symantec software, the report stated.

      Drive-by attacks typically have a 5 to 10 percent success rate, so the 12 percent infection rate is high, Gragido said. There are a number of factors that could be responsible for the higher infection rate. Victims that trust the compromised Website or service may be more likely to take risky actions that could get their systems infected, he said. In addition, exploit kits that use exploits for vulnerabilities in Java typically have better success rates than those that use older vulnerabilities. About half the exploits used in the VOHO attack targeted Java, according to RSA data.

      The attacks compromised a large number of companies, mainly in the financial, health care, and utilities sectors. A large number of local and federal government agencies were also impacted. While RSA did not find traces of the information stolen from the organizations, the collection of targets suggests that the attack may be nation-state related, Gragido said.

      “Based on our research, we were not able to establish what they were after in respect to the targets,” he said. “One could, however, say that—based on the targets of interest—it was a cyber-espionage operation.”

      The compromised computers communicated with command-and-control servers in Hong Kong, RSA said.

      Robert Lemos is an award-winning journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.
