{"id":1055,"date":"2013-09-30T17:58:16","date_gmt":"2013-09-30T17:58:16","guid":{"rendered":"http:\/\/business.kaspersky.com\/?p=1055"},"modified":"2018-09-18T10:01:29","modified_gmt":"2018-09-18T14:01:29","slug":"icefog-a-long-running-cyber-espionage-campaign","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/icefog-a-long-running-cyber-espionage-campaign\/1055\/","title":{"rendered":"Icefog: A long-running cyber-espionage campaign"},"content":{"rendered":"<p>When a new high-profile attack is revealed\u2013whether it\u2019s a technology company, a government agency or a financial institution that\u2019s targeted\u2013the attention often focuses on the victim and what the attackers may have stolen. But, as a new <a href=\"http:\/\/www.securelist.com\/en\/blog\/208214064\/The_Icefog_APT_A_Tale_of_Cloak_and_Three_Daggers\" target=\"_blank\" rel=\"noopener nofollow\">report<\/a> by Kaspersky Lab researchers on a long-running cyber-espionage operation shows, the attacks we find out about may just be part of a much larger chain of intrusions.<\/p>\n<p>The attackers in the newly discovered campaign, known as <a href=\"https:\/\/threatpost.com\/icefog-espionage-campaign-is-hit-and-run-targeted-operation\/102417\" target=\"_blank\" rel=\"noopener nofollow\">Icefog<\/a>, have been targeting organizations in a wide variety of industries in several countries, mainly in Japan and Korea. The victims have included companies from the U.S. defense contractors\u2019 supply chain (like Lig Nex1, which manufactures displays for U.S. F15 fighter planes), shipbuilding companies, telecoms and media companies.<\/p>\n<p>The targeting methodology and modus operandi of the attackers suggest that they are working for hire, moving from target to target in order to get what they need for their customers and get out. They appear to know very well what they need from the victims. Basically, attackers of this kind come in, steal what they want and leave. 
While in other cases victims remain infected for months or even years and data is continuously exfiltrated, the Icefog attackers appear to know very well what they need from the victims. Once the information is obtained, the victim is abandoned. The shortest time the Icefog attackers spent on a victim\u2019s computer was a few hours. Before leaving the network, they clean up the system so as not to leave traces.<\/p>\n<p>The implications for businesses are troubling. Many companies rely on suppliers scattered around the world and have little or no visibility into their networks, operations or downstream supply chains. Trying to determine whether a given supplier or partner has been compromised or is a target for such an espionage campaign can be nearly impossible, leading to uncertainty. And researchers say that the attackers involved in operations such as Icefog don\u2019t discriminate by size, location or industry. If you have what they want, they\u2019ll find a way in, whether it\u2019s through your network or one of your partners. Moreover, going after the supply chain seems logical, as in some cases it\u2019s much easier for attackers to compromise a contractor than the main company directly.<\/p>\n<p>Kurt Baumgartner, a security researcher at Kaspersky Lab who was involved in the research on Icefog, said that the attackers often jump from one organization to another with seemingly no discernible pattern. This \u201cpuddle jumping\u201d methodology can make a well-planned attack campaign look like a random series of unconnected intrusions.<\/p>\n<p>\u201cIt\u2019s becoming harder to identify the patterns and connect them with one group,\u201d he said.<\/p>\n<p>Another trend is the emergence of \u201ccyber-mercenaries\u201d \u2013 organized groups of people conducting cyber-espionage\/cyber-sabotage activities on demand, at the order of anyone who pays. This is something new in the area of targeted attacks. 
And we expect this trend to grow in the future, and more small groups of cyber-mercenaries will be available for hire to perform surgical hit-and-run operations.<\/p>\n<p>For enterprises, which are always looking to reduce risk and avoid compromises, the need to be vigilant does not stop at their network perimeter. It now extends through supply chains, partners and everyone they do business with. Risk and attackers are everywhere.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When a new high-profile attack is revealed\u2013whether it\u2019s a technology company, a government agency or a financial institution that\u2019s targeted\u2013the attention often focuses on the victim and what the attackers<\/p>\n","protected":false},"author":53,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[2035,2017],"class_list":{"0":"post-1055","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-business","7":"category-smb","8":"tag-cyber-espionage","9":"tag-endpoint-security"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/icefog-a-long-running-cyber-espionage-campaign\/1055\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/icefog-a-long-running-cyber-espionage-campaign\/1055\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/icefog-a-long-running-cyber-espionage-campaign\/1055\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cyber-espionage\/","name":"Cyber 
Espionage"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/1055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=1055"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/1055\/revisions"}],"predecessor-version":[{"id":21214,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/1055\/revisions\/21214"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=1055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=1055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=1055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}