'Icefog' spying operation targeted Japan, South Korea

Kaspersky Lab says the Icefog attackers appeared to know what files they needed from victims

Kaspersky Lab says a hacking campaign called Icefog targeted organizations in Japan and South Korea with phishing emails laden with malware.

Kaspersky Lab says a hacking campaign called Icefog targeted organizations in Japan and South Korea with phishing emails laden with malware.

A hacking group that targeted Japan's parliament in 2011 is believed to have conducted nimble data thefts against organizations mainly in South Korea and Japan, including defense contractors, over the past two years.

The "Icefog" hackers probed victims one by one, carefully copying select files and then exiting the systems, according to security vendor Kaspersky Lab, which released a 68-page report on the group Wednesday.

"The nature of the attacks was also very focused," Kaspersky wrote. "In many cases, the attackers already knew what they were looking for."

Over the past several years, security analysts have noticed an uptick in so-called "advanced persistent threat" (APT) attacks, where interlopers plant stealthy malware on networks for cyber spying.

"In the future, we predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations, a kind of 'cyber mercenaries' of the modern world," the report said.

Kaspersky did not name the organizations that were victimized, but did name a few targeted by Icefog. A private report with more information is available to governments, the company said.

Those targeted included the defense contractors Lig Nex1 and Selectron Industrial Company; two shipbuilding companies, DSME Tech and Hanjin Heavy Industries; Korea Telecom, Fuji TV and the Japan-China Economic Association. Kaspersky said the naming of those companies did not imply the Icefog attacks were successful.

Icefog was detected in 2011 after the group targeted Japan's parliament, and its campaign has continued through this year, Kaspersky said.

Based on where the stolen data was transferred to, Kaspersky wrote the attackers are assumed to be in China, South Korea and Japan.

The hackers target victims by email, sending malicious attachments or links to websites that will attack the victim's computer if it has software vulnerabilities in programs such as Microsoft Word, Adobe Reader or within the operating system.

Mac OS X systems are also targeted. Kaspersky counted 4,500 IP addresses that were infected, which belonged to more than 430 victims. The Macfog malware, which purported to be a graphics application, popped up late last year on several Chinese-language forums.

"The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide," the report said.

Once a computer has been compromised, the hackers upload malicious tools and backdoors. They look for email account credentials, sensitive documents and passwords to other systems, Kaspersky said.

After the hackers find what they're looking for, the Icefog attackers tend to exit the systems.

"The 'hit and run' nature of this operation is one of the things that make it unusual," the report said. "While in other cases, victims remain infected for months or even years, and data is continuously exfiltrated, the Icefog attackers appear to know very well what they need from the victims."

Tags intrusionsecuritydata breachdata protectionkaspersky labmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?