Feeds

Cyberspies blast Icefog into US targets' backdoors

You dirty RATs

5 things you didn’t know about cloud backup

Miscreants behind a cyberespionage campaign have changed their methods to take advantage of Java-based malware.

The Icefog APT (advanced persistent threat), discovered in September 2013, continues to be a problem, this time utilising a Java backdoor, according to the latest analysis of the threat by security researchers at Kaspersky Labs.

Analysts at the Russian security firm have observed three unique victims of “Javafog”, all of them in the US. One of the victims is a very large American independent oil and gas corporation, with operations in many other countries.

The threat first arose in 2011 with attacks against supply chain organisations to government institutions, military contractors, maritime and ship-building groups mainly in Japan and South Korea. This run of attacks featured spear phishing and malware targeting Mac and Windows machines as part of a hit-and-run campaign that didn't rely on siphoning off information from victims over an extended period.

The attackers behind the campaign went dark, shutting down all known command-and-control servers, after their campaign was exposed last September, only to resurface with a new run of attacks using a different Java-based attack vector, detected by Kaspersky analysts over recent weeks.

Java-based malware is less widely used than either Windows or Mac executables, and can be harder to spot, according to Kasperky researchers. This added stealth could explain the switch by attackers to the write-once-run-anywhere programming language.

"We observed the attack commencing by exploiting a Microsoft Office vulnerability, followed by the attackers attempting to deploy and run Javafog, with a different C&C," Kaspersky researchers explain in a blog post on the latest manifestation of the threat. "We can assume that based on their experience, the attackers found the Java backdoor to be more stealthy and harder to notice, making it more attractive for long term operations."

A detailed rundown of the Icefog use of a Java backdoor against US targets can be found in a blog post, complete with code snippets and samples, by Kaspersky Labs here.

All generations of the threat bear the hallmarks of state-manufactured malware rather than something geared towards conventional cybercrime but Kasperky Labs researchers are not speculating on its possible origins.

Dana Tamir, director of enterprise security at IBM-owned Trusteer, an IBM company, said Java has numerous vulnerabilities that can be exploited to deliver malware and compromise users' machines.

"Because organisations can't eliminate Java from their environments, it is not surprising that adversaries and cyber-criminals are using malicious Java code to infiltrate them."

To prevent Java exploits and malware-based infiltrations, it is important to restrict execution only to known trusted Java files. Since organisations struggle to manage and maintain a complete list of all known trusted files, they should at least restrict execution to "files that have been signed by trusted vendors, or downloaded from trusted domains," she added. ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?