Menu
Russian cyberspies targeted the MH17 crash investigation

Russian cyberspies targeted the MH17 crash investigation

The Pawn Storm cyberespionage group set up rogue VPN and SFTP servers to target Dutch Safety Board employees

A Russian cyberespionage group that frequently targets government institutions from NATO member countries tried to infiltrate the international investigation into the crash of Malaysia Airlines Flight 17 (MH17).

MH17 was a passenger flight from Amsterdam to Kuala Lumpur that crashed in eastern Ukraine close to the Russian border on 17 July, 2014. All 283 passengers and 15 crew members lost their lives.

The Dutch Safety Board led an international investigation into the incident and released a final report on Oct. 13, concluding that the Boeing 777-200 aircraft was shot down by a warhead launched from a Russian-built Buk missile system.

Security researchers from Trend Micro have found evidence that a cyberespionage group dubbed Pawn Storm, which has long been suspected to have ties to the Russian intelligence services, has targeted the Dutch Safety Board before and after the MH17 report was finalized.

On September 28, the group set up a rogue SSH File Transfer Protocol (SFTP) server mimicking the one used by the Dutch Safety Board. On Oct. 14, the group did the same with a virtual private networking (VPN) server.

On September 29, a fake Outlook Web Access (OWA) server was also created by the group to target a partner of the Dutch Safety Board in the MH17 investigation, the Trend Micro researchers said in a blog post.

It is likely that the rogue servers were set up with the goal of phishing login credentials from people involved in the MH17 crash investigation in order to obtain access to confidential information, the researchers said.

This is the first time the Trend Micro researchers have seen a cyberespionage group set up a rogue VPN server for phishing. Even though the Dutch Safety Board's real server uses temporary access tokens for authentication, those can be easily stolen and don't protect against one-time fraudulent access, the researchers said.

Most of Pawn Storm's attacks to date have reflected Russia's geo-political interests. The group has recently intensified its campaigns against critics of the country's intervention in the Syrian conflict.

Over the past two months several rogue OWA servers were set up to launch phishing attacks against the military and ministries of defense and foreign affairs of most Middle Eastern countries that oppose the Russian military campaign in Syria, the Trend Micro researchers said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MH17Pawn StormSSH File Transfer Protocol (SFTP)Malaysian AIrlines

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments