Hackers carried out political and economic cyber espionage attacks on military, diplomatic and defence industry targets in the US, Europe and Pakistan, security researchers have found.
The attack operation has been dubbed “Pawn Storm”, a reference to the attackers’ use of two or more connected tools or tactics against a specific target, similar to the chess strategy of the same name.
The attackers used specially crafted emails to trick targets into visiting bogus Outlook Web Access (OWA) login pages and entering their credentials.
Analysis of six multi-stage attacks revealed the common use of Sednit or Sofacy malware, designed to collect data and send it to the attackers.
“We believe the threat actors aimed to confuse their targets’ IT administrators by making it hard for them to string attack components together, thus evading detection,” the research report said.
The attacks were carried out with the aid of five spear-phishing emails with plausible subjects to trick targeted individuals into opening malicious attachments designed to compromise their systems.
The targets of these emails included the French Ministry of Defence in 2011; the Vatican embassy in Iraq in 2012; military officials in several countries in 2013; and military officials in Pakistan and Polish government officials in 2014.
In the past couple of months, the researchers found the attackers had also started using the watering hole attack method of compromising legitimate sites commonly visited by targeted individuals.
Legitimate sites in Poland were compromised to redirect targeted visitors to a fake military contractor website, designed to infect victims’ computers with information-stealing malware.
The researchers found the attackers selected targets among visitors to the compromised site by checking operating system version, language settings, time zone and installed software.
Defend your organisation against attack
These kinds of attacks work because many companies allow employees to use webmail services to access their mailboxes while on business travel or at home, according to independent security consultant Graham Cluley.
“Once successful, attackers can gain access to compromised mailboxes that they can then use to gain a foothold in target networks,” he wrote in a blog post.
Cluley noted that these attack techniques can be used against any organisation, not just defence contractors, embassies and government departments.
All organisations should make sure their computer systems are strongly defended and patched promptly, he said, and train staff to be very careful about what files they open, what links they click on, and where they choose to enter their username and password.
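One defender-side check in the spirit of Cluley's advice about where staff enter their username and password, as an added example that is not from the article or the research it reports: it flags links in an email that imitate the organisation's OWA login page (typo-squats, the real host name embedded in a longer one, or webmail wording on a foreign host). The legitimate host name, the keyword list and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed: the organisation's only legitimate Outlook Web Access host.
LEGIT_OWA_HOST = "mail.example.org"
# Words that make a foreign link look like a webmail sign-in page (assumed list).
WEBMAIL_WORDS = {"owa", "outlook", "webmail", "exchange", "logon", "login"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squats of the real host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for one link from an email."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == LEGIT_OWA_HOST:
        # Right host, but a plaintext scheme still exposes the credentials.
        return "legit" if parts.scheme == "https" else "lookalike"
    # Webmail wording anywhere in the host labels or path segments.
    tokens = set(re.split(r"[^a-z0-9]+", host + "/" + parts.path.lower()))
    themed = bool(tokens & WEBMAIL_WORDS)
    # Our host name buried inside theirs, or their registrable part within 2 edits of ours.
    tail = ".".join(host.split(".")[-3:])
    squat = LEGIT_OWA_HOST in host or edit_distance(tail, LEGIT_OWA_HOST) <= 2
    return "lookalike" if themed or squat else "unrelated"


def scan_email(body: str) -> dict:
    """Map every http(s) link in an email body to its classification."""
    return {u: classify_link(u) for u in re.findall(r"https?://[^\s<>\"']+", body)}


# Constructed sample lure in the style the article describes.
SAMPLE = """Your mailbox quota is exceeded. Sign in to keep receiving mail:
https://mail.example.org.webaccess-update.net/owa/auth/logon.aspx
Or use the regular portal: https://mail.example.org/owa/
Agenda: https://www.example-conference.test/agenda"""

if __name__ == "__main__":
    for link, verdict in scan_email(SAMPLE).items():
        print(f"{verdict:10} {link}")
```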