    Spear-Phishing Attack on Industrial Consulting Firm Linked to Larger Campaign

    By Brian Prince - June 14, 2012

      An unsuccessful spear-phishing attempt against a company specializing in assessing industrial control systems is tied to a larger campaign believed to be emanating from China, security researchers say.

      Last week, it was revealed that an employee of Digital Bond had received an email from an account meant to impersonate CEO Dale Peterson. The message linked to a .zip file based on an old research paper the company had published.

      Further analysis by researchers at AlienVault and IOActive connects the perpetrators of the attack to attacks against other organizations.

      “Using the information extracted from the binaries and the servers involved on the attack, we were able to [identify] more files and campaigns launched by this group during the last months,” explained Jaime Blasco, labs manager at AlienVault, in a blog post.

      Among the targets in those attacks were the Japan Network Information Center and the Hong Kong University of Science and Technology.

      “We have identified that the group behind these attacks is using hacked Web servers to host the malicious configuration files,” Blasco added. “Based on the networks hosting the C&C [command-and-control] IPs (mainly universities), it is very likely that these servers are also hacked and some kind of proxy is installed on them to redirect the traffic to the real C&C server. This can be easily [achieved] using HTran or other similar software commonly used by Chinese hacker groups in this kind of campaign.”

      Other targets of these attacks include organizations tied directly to the U.S. government or to U.S. defense contractors, providing services such as authentication software and hardware, industrial control systems security, or strategic consulting, explained Ruben Santamarta, a researcher for IOActive.

      Despite the difficulty in trying to confirm the true source of these attacks, “we would like to note that code, tricks and certain infrastructure usually present in the Chinese hacking scene have been identified in this campaign,” he blogged.

      When the malicious .zip file was analyzed by the Shadowserver Foundation, researchers concluded the attack patterns were similar to those uncovered in the Shady RAT campaign revealed by McAfee in 2011. According to McAfee’s research, Shady RAT’s roots trace back to 2006, and the campaign has affected scores of organizations ranging from defense contractors to the United Nations.

      According to Shadowserver’s Ned Moran, the similarities between Shady RAT and the attack on Digital Bond include the use of encoded commands hidden in otherwise normal-looking Web pages, as well as an overlap between the C&C infrastructure used in this attack and that of previous Shady RAT attacks.

      The malware used in the attack was hosted on research.digitalvortex.com. Once a system is infected, the malware is designed to create a backdoor and connect to a C&C server at hint.happyforever.com.

      “It’s a bit concerning that a company whose sole focus is securing industrial control systems should be spear-phished,” blogged Reid Wightman, a Digital Bond security consultant. “The attacker clearly went to enough trouble to try to understand ICS security lingo to get the employee to open the link, and had to compromise a DNS server. … Thankfully, the attack was unsuccessful—paranoia pays off. It is definitely a lesson in ‘be careful what you open’ … even if it looks to be coming from Digital Bond (or your boss, as in this case), don’t open a file if you aren’t expecting it.”
