The world of advanced persistent threats (APTs) is well known. Skilled opponents compromising well-known victims and stealthily precious data exfiltration over many years. These teams are sometimes dozens or even hundreds of people, passing by terabytes or even petabytes of data exfiltrated.
There is an increasing focus on paternity and to identify the sources of these attacks, not much is known about a new emerging trend: small gangs hit-and-run that goes at the end of the supply chain and compromise targets with surgical precision.
From 2011, we followed a series of attacks that bind us to an actor threat called Icefog. We believe that it is a relatively small group of attackers who go after the supply chain - targeting government institutions, military contractors, marine groups and naval construction, telecom operators, satellite operators, industrial enterprises and high technology and the mass media, mainly in South Korea and the Japan. Ce Icefog campaigns rely on tools to measure of cyber-spying for Microsoft Windows and Apple Mac OS X. The attackers directly control machines infected during these attacks; In addition to Icefog, we noticed other malicious tools and backdoors for lateral movement and the exfiltration of data.
Key findings on the attacks of Icefog:
Kaspersky Lab would like to thank KISA (Korea Internet & Security Agency) and INTERPOL for their support of this investigation.
We share indicators of compromise, based on the OpenIOC for Icefog framework. Organizations in this way have an another way to check their network for the presence of (active) Icefog infections.
You can download the file to IOC (.zip) here.
A detailed FAQ on Icefog is available.
No comments:
Post a Comment