Meet Icefog, the cyber-mercenaries terrorizing Asia's governments
In a report released in late August, Moscow-based cybersecurity firm Kaspersky Lab revealed the existence of a hacker group called Icefog that has attacked some of the biggest defense and telecom firms in Japan and South Korea and struck at the very heart of Japanese democracy.
“The attackers hit a wide range of industries. Targets vary from suppliers to military contractors to TV stations, satellite operators, defense contractors, shipbuilders and more,” explained Kaspersky Lab Senior Researcher Roel Schouwenberg. “This suggests the ultimate customer(s) for this type of data are government or government-related entities.”
Kaspersky’s investigation into Icefog began earlier this year when it received a sample of the attack materials used against Japanese broadcaster Fuji TV. After a careful analysis, Kaspersky researchers discovered it was an updated version of the malware used in a 2011 attack against both houses of the Japanese legislature.
Considering the importance of the attack, Kaspersky Lab conducted a thorough investigation and discovered at least 20 other targeted organizations, including the Japan-China Economic Association—a prominent trade group led by the chairman of Toyota.
The report noted that, while it was able to determine these companies were targeted by Icefog, not all of them were necessarily compromised.
Employing similar methods to those used by the Syrian Electronic Army, Icefog’s attacks relied on “spear-phishing” emails that work by getting unsuspecting employees of the targeted organizations to click an email link that infects their computers. When the victims opened links to what they thought were racy photos or dry policy papers, they were actually opening the door for Icefog. That gave the group, which appears to be a multi-national effort with actors in China, South Korea and Japan, the ability to steal documents, user account credentials and address book info.
Kaspersky believes Icefog is functioning as a “cyber-mercenary” organization, auctioning off its hacking skills to the highest bidder. While cyber-mercenaries are nothing new (a British intelligence report earlier this year warned of the groups’ increasing prevalence), Icefog’s history suggests a shift in both size and operating procedure that could ultimately make such cybercriminals more difficult to catch.
“Generally what we see with cyberespionage operations are longer, persistent, campaigns,” noted Schouwenberg. “However in the Icefog campaigns we observed the attackers seemed to know what information they were after and would leave the network after the information was obtained. They try to clean up their tracks when moving on to the next target.”
APT1, the China-based hacker group that ran amok inside the computer systems of the New York Times after the paper published an article detailing the vast fortune of Chinese Prime Minister Wen Jiabao, is believed to have over 100 members, whereas Icefog likely has under a dozen, making the latter significantly harder to track.
“In the future, we predict the number of small, focused…[for-hire] groups to grow, specializing in hit-and-run operations,” Kaspersky research director Costin Raiu added in an interview with Forbes, “a kind of ‘cyber mercenary’ team for the modern world.”