• Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

    Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily...
  • miniLock - Open Source File Encryption Tool from CryptoCat Developer

    It’s the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as...
  • A BEGINNERS GUIDE TO HACKING UNIX

      *************  *       A BEGINNERS GUIDE TO:        *  *        ...
  • CASH! CASH! Hacking ATM Machines with Just a Text Message

    As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million...
  • Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

    Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the...
  • Snoopy Drone Can Hack Your Smartphones

    The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for...
  • Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection

    Android - a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts...
  • Introduction to Netcat

    Introduction : So I was messing around on the internet and came across a tool called Netcat.  I've been messing with it for a couple of...
  • Google Nexus phone vulnerable to SMS-based DOS attack

    Google’s Nexus Smartphones are vulnerable to SMS-based DOS attack, where an attacker can force it to restart, freeze, or lose network...
  • Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

    A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability...

Sunday, 29 September 2013

Chinese APT Espionage campaign, dubbed 'Icefog' targeted Military contractors and Governments

Kaspersky Lab has identified another Chinese APT campaign, dubbed ‘Icefog’, who targeted Governmental institutions, Military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media.

The Hacking group behind the attack who carry out surgical hit and run operations, is an advanced persistent threat (APT) group, used a backdoor dubbed Icefog that worked across Windows and Mac OS X to gain access to systems.
"The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide," the report (PDF) said.


This China-based campaign is almost two years old and follows the pattern of similar APT-style attacks where victims are compromised via a malicious attachment in a spear-phishing email, or are lured to a compromised website and infected with malware.
The attackers embed exploits for several known vulnerabilities (CVE-2012-1856 and CVE-2012-0158) into Microsoft Word and Excel documents.

Once a computer has been compromised, the hackers upload malicious tools and backdoors. They look for email account credentials, sensitive documents and passwords to other systems.

"We observed many victims in several other countries, including Taiwan, Hong Kong, China, USA, Australia, Canada, UK, Italy, Germany, Austria, Singapore, Belarus and Malaysia," the research team said.

There is no concrete evidence to confirm this was a nation-state sponsored operation, but based on where the stolen data were transferred to, Kaspersky wrote the attackers are assumed to be in China, South Korea and Japan.
In total, Kaspersky Lab observed more than 4,000 uniquely infected IPs and several hundred victims. They are now in contact with the targeted organizations as well as government entities in order to help them identify and eradicate the infections.

1 comment: