Hackers Operating Dust Storm Attack Critical Infrastructure of Japan
A threat group that has attacked many targets, including US defense agencies, since 2010 has now focused all its efforts on the critical infrastructure of Japan. According to researchers on the Cylance SPEAR Team, the cyber espionage group has not been "disruptive or destructive" so far, but it has been quietly and persistently lurking within Japan's transportation, power, construction, oil/gas, and finance industries.
Cylance reveals that before shifting its focus to Japanese victims, the group also targeted organizations in South Korea, the US, China, and several European countries.
Considering the group's longevity, apparent focus and persistence, the Cylance SPEAR team believes it is nation-state backed, but declined to speculate on which country. China would, however, be an obvious choice given the focus on Japanese entities.
Moreover, the group has become more sophisticated in how it infects targets, using waterholes, spear phishing, unique zero-day variants and unique backdoors to break through defenses.
Infosecurity-magazine.com reported on February 24th, 2016 that, as one example, the group designed a unique S-Type backdoor variant to infect a Japanese car-maker last year, and has likewise been actively targeting Android devices with customized backdoors.
So far, the breaches do not appear to have resulted in actual sabotage. Fitzgerald said that, from their observation, they can say the compromise has only demonstrated the ability to remain undetected over the long term, and they are not yet able to confirm any damage to the organisations. He further said that "what we do know is that the attack methods used, which gain access to computers and their networks, would enable them to cause damage or steal data should they desire".
Operation Dust Storm has returned as strong as ever: following a series of simple watering hole attacks using an Internet Explorer zero-day during 2014, it began shifting all its efforts to Japanese targets from 15th February.
This was also when the group first began using a backdoor, along with spying utilities targeting Android devices.
Cylance researchers explain that the campaign has used malware customized for specific target organizations. Attacks have used waterholes, spear phishing, unique zero-day variants and unique backdoors, among other techniques, to breach Android-based mobile devices and corporate networks.
SPAMfighter News - 3/4/2016