U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Operation Pawn Storm is targeting military, government and media agencies

Trend Micro discovered a cyber-espionage operation dubbed  Operation Pawn Storm, which is targeting military, government and media entities worldwide. A new cyber espionage operation targeting military, government and media agencies on a global scale has been discovered by security experts at Trend Micro. Also in this case it seems that the threat actors behind the operation, dubbed […]

Operation Pawn Storm is targeting military, government and media agencies

Trend Micro discovered a cyber-espionage operation dubbed  Operation Pawn Storm, which is targeting military, government and media entities worldwide.

A new cyber espionage operation targeting military, government and media agencies on a global scale has been discovered by security experts at Trend Micro. Also in this case it seems that the threat actors behind the operation, dubbed Operation Pawn Storm, have been active since at least 2007 and are still running several attacks worldwide.

“Pawn Storm is an active economic and political cyber-espionage operation targeting a wide range of entities, mostly those related to the military, governments, and media. Specific targets include:

  • Military agencies, embassies, and defense contractors in the US and its allies
  • Opposition politicians and dissidents of the Russian government
  • International media
  • The national security department of a US ally

states Trend Micro in a blog post.

In June 2014 the hackers compromised government websites in Poland and last month they injected a malware in the website for Power Exchange in Poland.  The attackers run different attack scenarios ranging from classis spear-phishing to watering hole attacks, in both cases to serve the SEDNIT malware. 

“The cyber criminals behind Operation Pawn Storm are using several different attack scenarios: spear-phishing emails with malicious Microsoft Office documents lead to SEDNIT/Sofacy malware, very selective exploits injected into legitimate websites that will also lead to SEDNIT/Sofacy malware, and phishing emails that redirect victims to fake Outlook Web Access login pages,” states Trend Micro in a blog post.

The experts consider the attacks as surgery operations, in some cases spear-phishing emails targeted a restricted number of individuals. The attackers also adopted as attack vector a collection of malicious iframes pointing to very selective exploits, the technique was used for the attack against the Polish government websites.

SEDNIT Operation Pawn Storm

The post explains that in an attack on  billion-dollar multinational firm the group behind the Operation Pawn Storm reached via email just three employees.

“The e-mail addresses of the recipients are not advertised anywhere online,” he noted. “The company in question was involved in an important legal dispute, so this shows a clear economic espionage motive of the attackers.”

The malware analysts believe that the bad actors behind the Operation Pawn Storm have great cyber capabilities and their operation are financially motivated. The experts consider very interesting the malware they designed to compromise targets and remain persistent in their network to syphon sensitive data.

“Our investigation into Pawn Storm has shown that the attackers have done their homework,” said Jim Gogolinski, Senior Threats Researcher at Trend Micro. “Their choices of targets and the use of SEDNIT malware indicate the attackers are very experienced; SEDNIT has been designed to penetrate their targets’ defenses and remain persistent in order to capture as much information as they can.”

The hackers also adopted a very effective technique for their phishing campaigns, to avoid raising suspicions in fact, they used well-known events and conferences such as the Asia-Pacific Economic Cooperation (APEC) Indonesia 2013 and the Middle East Homeland Security Summit 2014 as bait.

Trend Micro has disclosed the details of its investigation in research in a paper titled “Operation Pawn Storm.”

Pierluigi Paganini

(Security Affairs – Operation Pawn Storm, cyber espionage)