
New report details exploits of notorious cyberespionage group with EMEA targets

31 Jul 2017

ClearSky and Trend Micro have released a new report that details the movements of a notorious cyberespionage group.

Known as CopyKittens, the group appears to be politically motivated and has been increasingly active in pursuing foreign espionage on strategic targets.

Its main targets are in countries such as Israel, Saudi Arabia, Turkey, the United States, Jordan, and Germany. Occasionally, individuals in other countries are targeted, as well as UN employees.

The group has been active since 2013 with targeted organisations including government institutions (such as Ministry of Foreign Affairs), academic institutions, defense companies, municipal authorities, sub-contractors of the Ministry of Defense and large IT companies.

“We've been tracking CopyKittens for four years and have become very intimate with its operations,” says Boaz Dolev, CEO at ClearSky Cyber Security.

“Our analysis gives indications about the group’s political motivations. Analysed within this context, these attacks deliver fresh insights.”

According to ClearSky and Trend Micro, the group’s main method of attack is to breach and weaponise online news outlets and general websites to act as vehicles for watering hole attacks.

An incident detailed in the report tells how members of the German Bundestag were compromised by watering holes lurking within several legitimate websites that had been hacked and linked to harmful third-party sites.

Another example recounts how a malicious email was sent from a breached account of an employee in the Ministry of Foreign Affairs within the Turkish Republic of Northern Cyprus to launch a massive spear phishing campaign. Victims received a highly targeted message from a legitimate and known source, with the intent to infect multiple targets in other government organisations around the world.

In a different case, a document that had likely been stolen from the Turkish Ministry of Foreign Affairs was used as a decoy to cripple government infrastructure.

ClearSky and Trend Micro have highlighted a specific quality behind the CopyKittens group, which acts as both a strength and a weakness.

The group is extremely persistent, despite the tendency to lack technological sophistication and operational discipline. While this has led to the success of many of its attacks, it has caused it to be relatively ‘noisy’ and made it easy to find, monitor and apply countermeasures relatively quickly.

While the group has independently developed several new hacking tools, it also uses commercially available ones that are generally used for penetration testing, thus allowing the group to stay under the radar.

ClearSky and Trend Micro say that while attacks from the group have been relatively small in terms of implications, unless users wise up to the advancing technologies it is only a matter of time before they cause substantial repercussions.
