State-Backed Cyber-Actors Utilize Web Analytics to do Surveys, Finds FireEye

FireEye the cyber security company has said that cyber-actors who allegedly get sponsorship from nation-states have been found utilizing web analytic software for executing inspection. Cbronline.com reported this, November 16, 2015.

The company has spotted cyber-actors who've been mixing custom scripts with publicly and freely obtainable software for keeping watch over Internet-users' activities even as they remain unawares.

The data is of Internauts accessing more than 100 websites that as per FireEye got chosen to be compromised for acquiring admission into the systems of the sites' audience.

The sites getting attacked are although legitimate; however, they're selected exclusively. Each of them has an inherent HTML script on its homepage while its subsidiary pages are altered for being compromised again and forming another website which backs certain profiling program called WITCHCOVEN. This program gathers browser and computer configuration of the victim and plants one permanent tracking cookie named "supercookie" onto his system.

FireEye states it believes the con artists examine the gathered database for recognizing distinct end-users who're matched with details regarding their PC for subsequent planting of exploits that are customized to their PC as well as specific software configurations.

To cite an instance, suppose the attackers get to know of a targeted user working with obsolete software which has critical security flaws then they can without any difficulty compromise his system with existing exploits devoid of requiring pushing 0-day exploits. Possibly 0-days are employed solely against a few victims who've all patches on their PCs.

The above tactic was recently utilized within targeted operations that different APT gangs conducted specially, APT28 the Russian gang for Operation Russian Doll and APT3 the Chinese group for Operation Clandestine Wolf.

The data that WITCHCOVEN collected is as well suitable to craft spear phishing electronic mails to create a fake end-user profile for use in conventional cyber-spying while collating a list of probable targets.

A few hijacked online sites indicate that attackers likely are especially interested in people who've links with one prominent energy company/embassies/cultural organizations in Russia, the border guards and security services of Ukraine as well as a media company of the Georgian Republic.

» SPAMfighter News - 11/23/2015