Kaspersky reports on a new trend in APT: cyber-mercenaries who perform surgical hit-and-run operations. In its report, The “Icefog” APT: A Tale of Cloak and Three Daggers, Kaspersky discusses the focus with which the Icefog attackers work. Kaspersky provides this summary of Icefog:

  • The attackers rely on spear-phishing and exploits for known vulnerabilities (e.g. CVE-2012-0158, CVE-2012-1856, CVE-2013-0422 and CVE-2012-1723). The lure documents used in the attacks are specific to the target’s interest …;
  • Based on the profiles of known targets, the attackers appear to have an interest in the following sectors: military, shipbuilding and maritime operations, research companies, telecom operators, satellite operators, mass media and television.
  • Research indicates the attackers were interested in targeting defense industry contractors such as Lig Nex1 and Selectron Industrial Company, ship-building companies such as DSME Tech, Hanjin Heavy Industries or telecom operators such as Korea Telecom.
  • The attackers are hijacking sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim’s network.
  • During the operation, the attackers are using the “Icefog” backdoor set (also known as “Fucobha”). Kaspersky Lab identified versions of Icefog for both Microsoft Windows and Mac OS X.
  • While in most other APT campaigns, victims remain infected for months or even years and attackers are continuously exfiltrating data, Icefog operators are processing victims swiftly and in a surgical manner — locating and copying only specific, targeted information. Once the desired information is obtained, they abandon the infection and move on.
  • In most cases, the Icefog operators appear to already know very well what they need from the victims. They look for specific file names, which are identified and transferred to the C&C.

Cyberspies need to infiltrate their targets, and spearphishing is how they do it. In spearphishing the attacker goes after the systems through their human users, sending highly targeted emails that deceive the user into compromising his own system. The FBI calls spearphishing the #1 attack method.

Humans’ email decisions can compromise security, so IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.
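As an added illustration of the trusted-sender idea (this is example code written for this page, not SP Guard's own logic and not from the Kaspersky report), the routine below checks the From header of an inbound message against a trusted-sender list that IT maintains, and flags three common spearphishing tells: a look-alike domain, a display name that borrows a trusted sender's identity, and a Reply-To that points at a different domain. The trusted addresses, domains and sample headers are constructed placeholders.

```python
"""Trusted-sender triage for inbound mail headers (illustrative example)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed trusted-sender list that IT would maintain and share with staff.
# These addresses and domains are placeholders, not real senders.
TRUSTED_SENDERS = {"alice@example.com", "procurement@example.com"}
TRUSTED_DOMAINS = {"example.com"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(raw_message: str) -> tuple[str, list[str]]:
    """Return (verdict, reasons) for one RFC 5322 message.

    verdict is 'trusted' (address on the list, no inconsistencies),
    'suspicious' (at least one red flag fired) or 'unknown' (neither).
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    display_name = display_name.lower()
    domain = address.rpartition("@")[2]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    reasons: list[str] = []

    # A Reply-To on another domain redirects the conversation away from the
    # apparent sender; treat it as a red flag even for trusted senders.
    if reply_to and reply_to.rpartition("@")[2] != domain:
        reasons.append(f"Reply-To domain differs from From domain ({reply_to})")

    if address not in TRUSTED_SENDERS:
        # Look-alike domain: close to a trusted domain but not equal to it.
        for trusted_domain in TRUSTED_DOMAINS:
            if domain != trusted_domain and _edit_distance(domain, trusted_domain) <= 2:
                reasons.append(f"look-alike domain {domain!r} resembles {trusted_domain!r}")
        # Display name borrowing a trusted sender's name or address while the
        # actual address differs (display-name spoofing). The local-part match
        # is deliberately loose; tune it for short or common local parts.
        for trusted in TRUSTED_SENDERS:
            local_part = trusted.split("@")[0]
            if display_name and (trusted in display_name or local_part in display_name):
                reasons.append(f"display name impersonates trusted sender {trusted}")

    if reasons:
        return "suspicious", reasons
    if address in TRUSTED_SENDERS:
        return "trusted", []
    return "unknown", []


# Constructed sample headers (no real senders or messages).
SAMPLE_MESSAGES = {
    "legit": 'From: "Alice Smith" <alice@example.com>\nSubject: Q3 plan\n\nbody\n',
    "lookalike": 'From: "Alice Smith" <alice@examp1e.com>\nSubject: Q3 plan\n\nbody\n',
    "newsletter": 'From: "Vendor News" <news@other-vendor.net>\nSubject: Update\n\nbody\n',
    "spoofed_name": (
        'From: "procurement@example.com" <bob@mail-relay.net>\n'
        "Reply-To: invoices@pay-portal.net\nSubject: Invoice\n\nbody\n"
    ),
}


def triage_samples() -> dict[str, str]:
    """Verdict per constructed sample; the staff-facing label for each mail."""
    return {name: classify_sender(raw)[0] for name, raw in SAMPLE_MESSAGES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        verdict, reasons = classify_sender(raw)
        print(f"{name:13s} {verdict:10s} {'; '.join(reasons)}")
```

The point of the three checks is that an allowlist alone only says "not on the list"; the extra heuristics explain to the user why a message that looks like it came from a colleague should not be trusted, which is the decision the paragraph above says staff must make.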

You can contact us at 408-727-6342, ext. 3, or use our online form.