Researchers warn of 'hit and run' cyber attackers

2013-09-26 11:00
Global spam flow is monitored from Kaspersky Lab headquarters in Moscow. (Duncan Alfreds, News24)


Washington - Security researchers said on Wednesday they uncovered a "cyber mercenary" team which specialises in attacks on targets in Japan and South Korea, and warned of more operations of that nature.

Kaspersky Lab identified the group as "Icefog", and said evidence points to it being based in China.

Based on the targets, the attackers appear to have an interest in military, shipbuilding and maritime operations, computers and software, research companies, telecom operators, satellite operators, mass media and television.

Kaspersky said the operation was a "small yet energetic Advanced Persistent Threat (APT) group" which focuses on targets involved in the supply chain for Western companies.

The operation started in 2011 and has increased in size and scope over the last few years, according to the report presented at a Washington cyber security conference.

Hackers-for-hire

The attackers have been "hitting pretty much all types of victims and sectors. In most cases, attackers maintain a foothold in corporate and governmental networks for years, smuggling out terabytes of sensitive information," said Kaspersky researcher Costin Raiu.

"The 'hit and run' nature of the Icefog attacks demonstrates a new emerging trend: Smaller hit-and-run gangs that go after information with surgical precision. The attack usually lasts for a few days or weeks and after obtaining what they were looking for, the attackers clean up and leave."

Raiu said these types of hackers-for-hire groups are growing, developing into a "kind of 'cyber mercenary' team for the modern world".

The researchers localised the attackers and "assume some of the players behind this threat operation are based in at least three countries: China, South Korea and Japan", with the largest number in China.

The report, presented at the Billington Cybersecurity Summit, said Icefog's targeted attacks relied on spear-phishing e-mails that attempt to trick the victim into opening a malicious attachment or a website.

Some of these attachments include images of scantily clad women or "decoy" documents; when users click on the attachments, they unwittingly install malicious software which gives the attackers access.

"The attackers are hijacking sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim's network," a Kaspersky statement said.

"In most cases, the Icefog operators appear to already know very well what they need from the victims. They look for specific file names, which are identified and transferred" to the attackers.