The world of Advanced Persistent Threats (APTs) is well known.
    Skilled adversaries compromising high-profile victims and stealthily
    exfiltrating valuable data over the course of many years. Such teams
    sometimes count tens or even hundreds of people, going through
    terabytes or even petabytes of exfiltrated data.

    Although there has been an increasing focus on attribution and
    pinpointing the sources of these attacks, not much is known about a
    new emerging trend: the smaller hit-and-run gangs that are going
    after the supply chain and compromising targets with surgical
    precision.

    Since 2011 we have been tracking a series of attacks that we link to
    a threat actor called 'Icefog'. We believe this is a relatively
    small group of attackers that are going after the supply chain -
    targeting government institutions, military contractors, maritime
    and ship-building groups, telecom operators, satellite operators,
    industrial and high technology companies and mass media, mainly in
    South Korea and Japan. These Icefog campaigns rely on custom-made
    cyber-espionage tools for Microsoft Windows and Apple Mac OS X. The
    attackers directly control the infected machines during the attacks;
    in addition to Icefog, we noticed them using other malicious tools
    and backdoors for lateral movement and data exfiltration.

  via [1]The Icefog APT: A Tale of Cloak and Three Daggers - Securelist.
    __________________________________________________________________

  My original entry is here: [2]The Icefog APT: A Tale of Cloak and Three
  Daggers - Securelist. It was posted Fri, 27 Sep 2013 16:00:26 +0000.
  Filed under: apt, InfoSec

References

  1. https://www.securelist.com/en/blog/208214064/The_Icefog_APT_A_Tale_of_Cloak_and_Three_Daggers
  2. https://www.prjorgensen.com/2013/09/27/the-icefog-apt-a-tale-of-cloak-and-three-daggers-securelist/