Security researchers have documented a complex cyber-espionage ecosystem which they say systematically compromised computer networks belonging to the Indian government, the Offices of the Dalai Lama, the United Nations and organisations in several other countries.
A report - "Shadows in the Cloud: An Investigation into Cyber Espionage 2.0" - published by the security research groups Information Warfare Monitor and Shadowserver Foundation presents evidence of an espionage network that compromised government, business, academic and other computer systems.
The researchers were able to obtain data from 44 compromised computer systems, finding:
- A web-based interface that lists cursory information on compromised computers located on one command and control server;
- Text files in web-accessible directories on three command and control servers that list detailed information on compromised computers;
- Information obtained from e-mail accounts used for command and control of compromised computers;
- Information obtained from one command and control server from which exfiltrated documents (but not necessarily technical identifying information) were retrieved;
- Information obtained from a DNS sinkhole.
The researchers said the attackers, believed to be two people living in Chengdu, have links to the Chinese hacking community. They appear to have used free, publicly hosted web services including Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail as a first tier of command-and-control infrastructure: compromised machines fetched instructions and the addresses of the real control servers from these accounts, so the operators could re-point the network if a server was lost, which is what made the infrastructure resilient.
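To make the "dead-drop" pattern concrete, the following is an added illustration written for this article; it is not code, data or formats from the report or from the malware it describes. The marker string, the base64 encoding, the service names and the sample posts are all constructed assumptions for the demo. The implant side reads public posts and extracts a list of control-server addresses; the operator side only has to edit a post to re-point every implant, which is why taking down a single server does not end the campaign.

```python
"""Dead-drop resolver: free web services as a resilient first tier of C2.

Added, constructed illustration for this article, not code from the
Shadows in the Cloud report.  MARKER, the encoding and the sample posts
are assumptions chosen for the demo; the real malware's formats are not
reproduced here.
"""
import base64
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Hypothetical marker the implant looks for inside otherwise innocuous text.
MARKER = "ref:"
# Base64 alphabet anchored to the marker so unrelated text is ignored.
_PATTERN = re.compile(re.escape(MARKER) + r"([A-Za-z0-9+/=]+)")


@dataclass
class Post:
    """One publicly readable post or message on a free web service."""
    service: str
    text: str


def encode_c2(addr: str) -> str:
    """Operator side: the text fragment to paste into a post."""
    return MARKER + base64.b64encode(addr.encode("ascii")).decode("ascii")


def extract_c2(text: str) -> Optional[str]:
    """Return the C2 address hidden in a post, or None if none is found.

    A malformed payload is treated as 'no instruction' rather than an
    error, so a stray marker in unrelated text cannot crash the implant.
    """
    m = _PATTERN.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def resolve_c2(posts: List[Post]) -> List[str]:
    """Walk the dead-drop accounts in order and collect every live address.

    Several services are consulted so that losing one account, or one
    server, does not sever the implant from its operators.
    """
    addrs: List[str] = []
    for post in posts:
        addr = extract_c2(post.text)
        if addr and addr not in addrs:
            addrs.append(addr)
    return addrs


def first_reachable(addrs: List[str], reachable: Callable[[str], bool]) -> Optional[str]:
    """Pick the first address the implant can actually reach.

    `reachable` is a predicate injected for the demo (a real implant would
    attempt a connection); it lets us model a seized or sinkholed server.
    """
    for addr in addrs:
        if reachable(addr):
            return addr
    return None


# Constructed sample posts: not real accounts, domains or content.
SAMPLE_POSTS = [
    Post("microblog", "Nice weather in town today " + encode_c2("http://c2-a.example.net/gate")),
    Post("blog", "Photos from the weekend. " + encode_c2("http://c2-b.example.org/upload")),
    Post("forum", "Anyone seen the match last night?"),  # carries no instruction
]


def demo() -> Optional[str]:
    """Resolve the C2 list, then fall back when the first server is seized."""
    addrs = resolve_c2(SAMPLE_POSTS)
    seized = {"http://c2-a.example.net/gate"}
    return first_reachable(addrs, lambda a: a not in seized)


if __name__ == "__main__":
    print(resolve_c2(SAMPLE_POSTS))
    print(demo())
```

The defensive lesson follows directly: sinkholing or seizing a control server only removes one entry from the list, because the implant re-reads the public posts on its next check-in. Disrupting this kind of network means getting the hosting services to remove the accounts as well, and on the endpoint side, treating regular, scripted polling of blog, microblog and webmail endpoints by non-browser processes as worth investigating.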
The researchers found evidence that confidential, encrypted documents were stolen from the Indian government. Among the compromised systems was the High Commission of India in the United Kingdom.