Meet Icefog, the cyber-mercenaries terrorizing Asia’s governments
Icefog has targeted defense agencies and telecoms in Japan and Korea.
In a report released in late August, Moscow-based cybersecurity firm Kaspersky Lab revealed the existence of a hacker group called Icefog that has attacked some of the biggest defense and telecom firms in Japan and South Korea and struck at the very heart of Japanese democracy.
“The attackers hit a wide range of industries. Targets vary from suppliers to military contractors to TV stations, satellite operators, defense contractors, shipbuilders and more,” explained Kaspersky Lab Senior Researcher Roel Schouwenberg. “This suggests the ultimate customer(s) for this type of data are government or government-related entities.”
Kaspersky’s investigation into Icefog began earlier this year when it received a sample of the attack materials used against Japanese broadcaster Fuji TV. After a careful analysis, Kaspersky researchers discovered it was an updated version of the malware used in a 2011 attack against both houses of the Japanese legislature.
Considering the importance of the attack, Kaspersky Lab conducted a thorough investigation and discovered at least 20 other targeted organizations, including the Japan-China Economic Association—a prominent trade group led by the chairman of Toyota.
The report noted that, while it was able to determine these companies were targeted by Icefog, not all of them were necessarily compromised.
Employing similar methods to those used by the Syrian Electronic Army, Icefog’s attacks relied on “spear-phishing” emails that work by getting unsuspecting employees of the targeted organizations to click an email link that infects their computers. When the victims opened links to what they thought were racy photos or dry policy papers, they were actually opening the door for Icefog. That gave the group, which appears to be a multi-national effort with actors in China, South Korea and Japan, the ability to steal documents, user account credentials and address book info.
Kaspersky believes Icefog is functioning as a “cyber-mercenary” organization, auctioning off its hacking skills to the highest bidder. While cyber-mercenaries are nothing new (a British intelligence report earlier this year warned of the groups’ increasing prevalence), Icefog’s history suggests a shift in both size and operating procedure that could ultimately make such cybercriminals more difficult to catch.
“Generally what we see with cyberespionage operations are longer, persistent, campaigns,” noted Schouwenberg. “However in the Icefog campaigns we observed the attackers seemed to know what information they were after and would leave the network after the information was obtained. They try to clean up their tracks when moving on to the next target.”
APT1, the China-based hacker group that ran amok inside the computer systems of the New York Times after the paper published an article detailing the vast fortune of Chinese Prime Minister Wen Jiabao, is believed to have over 100 members, whereas Icefog likely has under a dozen, making the latter significantly harder to track.
“In the future, we predict the number of small, focused…[for-hire] groups to grow, specializing in hit-and-run operations,” Kaspersky research director Costin Raiu added in an interview with Forbes, “a kind of ‘cyber mercenary’ team for the modern world.”
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.