Kaspersky Lab identifies APT Icefog

“For the past few years, we’ve seen a number of APTs hitting pretty much all types of victims and sectors. In most cases, attackers maintain a foothold in corporate and governmental networks for years, smuggling out terabytes of sensitive information,” said Costin Raiu, director, Global Research and Analysis team, Kaspersky Lab. “The ‘hit and run’ nature of the Icefog attacks demonstrates a new emerging trend: smaller hit-and-run gangs that go after information with surgical precision. The attack usually lasts for a few days or weeks and after obtaining what they were looking for, the attackers clean up and leave. In the future, we predict the number of small, focused ‘APT-to-hire’ groups to grow, specializing in hit-and-run operations; a kind of ‘cyber mercenary’ team for the modern world.”

The report found that the group targets companies in a variety of sectors, including military, shipbuilding, computer and software development, research companies, telecommunications operators, satellite operators, and media and television.

Kaspersky found that the attackers are very specific in the information they are looking for, which includes sensitive company documents, email credentials, and passwords to resources both inside and outside a company’s network. With APT attacks, victims tend to remain infected for months or years at a time while attackers continuously steal data. Icefog instead uses a backdoor set, also known as Fucobha, to target one victim at a time, take specific files, and leave once the attackers have what they need.

In addition to Japan and South Korea, Kaspersky identified over 400 victims in countries such as Taiwan, Hong Kong, China, the USA, Canada, the United Kingdom, Italy, Germany, Austria, Singapore, Belarus and Malaysia. Dozens of those victims were running Windows operating systems, and over 350 of them were running Mac OS X. These statistics were obtained by sinkholing 13 of the over 70 domains used by Icefog.

Based on this data, Kaspersky believes that most of the attackers are based in China, South Korea and Japan.