14 DAY TRIAL // Cyber espionage activity has become a common thing these days, but the way the threat actors run the attacks is still quite interesting, especially in the case of those that have been in the business for almost a decade.
Security researchers at Trend Micro were given the opportunity to analyze incidents of a group that has been on the security stage since 2007, whose attacks they dubbed Operation Pawn Storm, named so after the chess offensive action, where multiple pawns are pushed into the defenses of the adversary.
Multiple attacks from the group have been recorded this year
The threat actors rely on several tools and tactics to penetrate the defenses of the victim; it has been observed that a piece of malware called Sednit / Sofacy is pushed through multiple spear-phishing emails.
In the most recent event involving Sednit, the threat was distributed through browser-based attacks on legitimate Polish websites that would redirect to the payload hosting location (defenceiq . us). This would create the impression that Operation Pawn Storm targeted a large number of visitors, but the bad actors would actually infect only the targets on their list.
Two different attacks signed by the group occurred in mid-July, when Polish government websites were injected with a malicious iframe, and one in September, directed at Japanese targets.
The cyber espionage component is evident
As far as the sectors the operators are interested in, these include military agencies, embassies, and defense contractors in the US and its allies, opposition politicians and dissidents of the Russian government, international media, and the national security unit of a US ally.
The group behind Operation Pawn Storm is sophisticated and generally resorts to spear-phishing to increase the success of the infection.
Multiple downloaders are used in order to escape detection; if one is discovered, there is a chance that other will continue to work, allowing the attackers a foothold in the targeted organization.
“We believe the threat actors aimed to confuse their targets’ IT administrators by making it hard for them to string attack components together, thus evading detection,” the report on Wednesday from the company says.
Trend Micro notes that “the threat actors used a combination of proven targeted attack staples to compromise systems and get in to target networks — exploits and data-stealing malware,” which goes to show that the battle between the hats is far from being over, and more interesting attacks are waiting ahead.