The Hacker News

on Friday, 27 September 2013
 

 


Chinese APT Espionage campaign, dubbed 'Icefog', targeted Military contractors and Governments
9/27/2013 4:05:00 PM

Kaspersky Lab has identified another Chinese APT campaign, dubbed 'Icefog', which targeted governmental institutions, military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media.

The hacking group behind the attack, which carries out surgical hit-and-run operations, is an advanced persistent threat (APT) group. It used a backdoor dubbed Icefog, which worked across Windows and Mac OS X, to gain access to systems.

"The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide," the report (PDF) said.

This China-based campaign is almost two years old and follows the pattern of similar APT-style attacks where victims are compromised via a malicious attachment in a spear-phishing email, or are lured to a compromised website and infected with malware.

The attackers embed exploits for several known vulnerabilities (CVE-2012-1856 and CVE-2012-0158) into Microsoft Word and Excel documents.

Once a computer has been compromised, the hackers upload malicious tools and backdoors. They look for email account credentials, sensitive documents and passwords to other systems.


"We observed many victims in several other countries, including Taiwan, Hong Kong, China, USA, Australia, Canada, UK, Italy, Germany, Austria, Singapore, Belarus and Malaysia," the research team said.

There is no concrete evidence to confirm this was a nation-state sponsored operation, but based on where the stolen data were transferred to, Kaspersky wrote that the attackers are assumed to be in China, South Korea and Japan.

In total, Kaspersky Lab observed more than 4,000 uniquely infected IPs and several hundred victims. They are now in contact with the targeted organizations as well as government entities in order to help them identify and eradicate the infections.

Author

Mohit Kumar, aka 'Unix Root', is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this, he is an Internet Activist and a strong supporter of Anonymous & Wikileaks.