Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

‘Operation Pawn Storm’ Cyber-Espionage Campaign Hits Organizations

Researchers at Trend Micro today released a paper on a cyber-espionage operation targeting military, government and media organizations around the world.

Researchers at Trend Micro today released a paper on a cyber-espionage operation targeting military, government and media organizations around the world.

The group behind the operation is believed to have been active since at least 2007 and continues to launch new campaigns against targets throughout the world, including the United States. In June 2014 they compromised government websites in Poland and last month infected the website for Power Exchange in Poland as well.  

“The cyber criminals behind Operation Pawn Storm are using several different attack scenarios: spear-phishing emails with malicious Microsoft Office documents lead to SEDNIT/Sofacy malware, very selective exploits injected into legitimate websites that will also lead to SEDNIT/Sofacy malware, and phishing emails that redirect victims to fake Outlook Web Access login pages,” explained Trend Micro Senior Threats Researcher Jim Gogolinski.

“Our investigation into Pawn Storm has shown that the attackers have done their homework,” he added. “Their choices of targets and the use of SEDNIT malware indicate the attackers are very experienced; SEDNIT has been designed to penetrate their targets’ defenses and remain persistent in order to capture as much information as they can.”

Advertisement. Scroll to continue reading.

The spear-phishing emails sent by Pawn Storm attackers can be very target specific. For example, in one instance, a spear-phishing email was sent to just three employees of the legal department of a billion-dollar multinational firm, Gogolinski blogged.

“The e-mail addresses of the recipients are not advertised anywhere online,” he noted. “The company in question was involved in an important legal dispute, so this shows a clear economic espionage motive of the attackers.”

In Trend Micro’s report, the researchers note that the attackers used a mix of spear-phishing emails and specially-crafted webmail service phishing websites to gain access to victims’ inboxes. The goal of the attackers was to get a foothold in the target organizations. To avoid raising suspicions, the attackers used well-known events and conferences such as the Asia-Pacific Economic Cooperation (APEC) Forum and the Middle East Homeland Security Summit 2014 as part of social engineering schemes designed to trick their targets.

“Apart from effective phishing tactics, the threat actors used a combination of proven targeted attack staples to compromise systems and get in to target networks—exploits and data-stealing malware. SEDNIT variants particularly proved useful, as these allowed the threat actors to steal all manners of sensitive information from the victims’ computers while effectively evading detection,” according to the report.

The report can be read here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...