Poseidon hacker group behind long-running extortion scheme

After compromising a network, the group tries to blackmail its corporate victims

Kaspersky Lab has linked a single group to a long-known campaign of cyberattacks that appears to be aimed at extorting corporate victims.

The Poseidon Group may have been active since 2001, according to an analysis of malware samples. The group's tools have been designed to function on systems set to English and Portuguese.

Victims are usually sent spear-phishing emails and malware hidden inside office documents. Once on a network, the hackers explore its topology in order to eventually steal intellectual property and commercial information.

"Then the attacker looks for all administrator accounts on both the local machine and the network," Kaspersky wrote in a post on Tuesday. "This technique allows them to map network resources and make lateral movements inside the network, landing in the perfect machine to match the attacker’s interest."

But the most interesting facet of Poseidon is that it doesn't just steal data.

"The information exfiltrated is then leveraged by a company front to blackmail victim companies into contracting the Poseidon Group as a security firm," Kaspersky wrote.

Even if a company is blackmailed into using Poseidon's alleged services, the group tries to maintain its malware on the affected company's system.

Kaspersky didn't provide a lot of detail about the ruse, but said that at least 35 companies have been affected in industries such as banking, government, telecommunications, manufacturing and energy, as well as media and public relations firms.

Poseidon's attacks have been noticed before but never linked back to just one group, Kaspersky said. This is likely because the group frequently changes its infrastructure, such as command and control servers. It also signs malware with a variety of digital certificates with the names of rogue companies, Kaspersky said.

"By carefully collecting all the evidence and then reconstructing the attacker’s timeline, we found that it was actually a single group operating since at least 2005, and possibly earlier, and still active on the market," the company wrote.

Kaspersky said it has reached out to companies that appear to have been infected and shared indicators of compromise, or technical information that points to an attack.
