Information Security News mailing list archives
Icefog hit-and-run hackers uncovered in Asia
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 26 Sep 2013 07:31:45 +0000 (UTC)
http://www.theregister.co.uk/2013/09/26/icefog_hit_and_run_apt_japan_south_korea/ By Phil Muncaster The Register 26th September 2013Kaspersky Lab has uncovered a new APT campaign aimed at pilfering secrets from governments and supply chain industrial, military, media and technology companies in Japan and South Korea.
Icefog features many of the key attributes of targeted attacks, including the spear phishing email lure to gain a foothold in the victim’s network; the use of malware which exploits known vulnerabilities; and the nabbing of email credentials and system passwords to move laterally inside the organisation.
However, where Icefog differs is that attacks are more laser focused and shorter lived than typical APTs, according to Kaspersky Lab.
The vendor had the following in its report: Perhaps one of the most important aspects of the Icefog C&Cs is the “hit and run” nature. The attackers would set up a C&C, create a malware sample that uses it, attack the victim, infect it, and communicate with the victim machine before moving on. The shared hosting would expire in a month or two and the C&C disappears. [...]
-- Find the best InfoSec talent without breaking your recruiting budget! Post a Job, $99 for 31 days. Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
Current thread:
- Icefog hit-and-run hackers uncovered in Asia InfoSec News (Sep 26)