Menu
'Icefog' spying operation targeted Japan, South Korea

'Icefog' spying operation targeted Japan, South Korea

Kaspersky Lab says the Icefog attackers appeared to know what files they needed from victims

Kaspersky Lab says a hacking campaign called Icefog targeted organizations in Japan and South Korea with phishing emails laden with malware.

Kaspersky Lab says a hacking campaign called Icefog targeted organizations in Japan and South Korea with phishing emails laden with malware.

A hacking group that targeted Japan's parliament in 2011 is believed to have conducted nimble data thefts against organizations mainly in South Korea and Japan, including defense contractors, over the past two years.

The "Icefog" hackers probed victims one by one, carefully copying select files and then exiting the systems, according to security vendor Kaspersky Lab, which released a 68-page report on the group Wednesday.

"The nature of the attacks was also very focused," Kaspersky wrote. "In many cases, the attackers already knew what they were looking for."

Over the past several years, security analysts have noticed an uptick in so-called "advanced persistent threat" (APT) attacks, where interlopers plant stealthy malware on networks for cyber spying.

"In the future, we predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations, a kind of 'cyber mercenaries' of the modern world," the report said.

Kaspersky did not name the organizations that were victimized, but did name a few targeted by Icefog. A private report with more information is available to governments, the company said.

Those targeted included the defense contractors Lig Nex1 and Selectron Industrial Company; two shipbuilding companies, DSME Tech and Hanjin Heavy Industries; Korea Telecom, Fuji TV and the Japan-China Economic Association. Kaspersky said the naming of those companies did not imply the Icefog attacks were successful.

Icefog was detected in 2011 after the group targeted Japan's parliament, and its campaign has continued through this year, Kaspersky said.

Based on where the stolen data was transferred to, Kaspersky wrote the attackers are assumed to be in China, South Korea and Japan.

The hackers target victims by email, sending malicious attachments or links to websites that will attack the victim's computer if it has software vulnerabilities in programs such as Microsoft Word, Adobe Reader or within the operating system.

Mac OS X systems are also targeted. Kaspersky counted 4,500 IP addresses that were infected, which belonged to more than 430 victims. The Macfog malware, which purported to be a graphics application, popped up late last year on several Chinese-language forums.

"The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide," the report said.

Once a computer has been compromised, the hackers upload malicious tools and backdoors. They look for email account credentials, sensitive documents and passwords to other systems, Kaspersky said.

After the hackers find what they're looking for, the Icefog attackers tend to exit the systems.

"The 'hit and run' nature of this operation is one of the things that make it unusual," the report said. "While in other cases, victims remain infected for months or even years, and data is continuously exfiltrated, the Icefog attackers appear to know very well what they need from the victims."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwaredata protectiondata breachintrusionkaspersky lab

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments