
Attackers Use Keyloggers, Email to Steal Data in "NightHunter" Attacks


By Eduard Kovacs on July 11, 2014


Researchers have been monitoring the activities of a cybercriminal group that has been harvesting login credentials from the computers of various organizations across the world.

According to security firm Cyphort, which has dubbed the campaign "NightHunter" because of the stealthy methods used to exfiltrate data, the operation has been active since 2009, but it wasn't detected until recently.

The attackers have been stealing Google, Yahoo, Facebook, Skype, Dropbox, Amazon, Yahoo, Hotmail, LinkedIn, Rediff and banking credentials from a wide range of organizations, including in sectors like energy, health, insurance, education and even charities, Cyphort said.

The security firm has not been able to determine what the attackers are doing with the stolen information, but believes that they could be using it to prepare for targeted attacks, including extortion, espionage or bank fraud.


SecurityWeek/ full read here/


NightHunter extensive data theft campaign has been active since 2009

It is a bit worrying that this campaign has continued unhindered since 2009.



By paganinip on July 13th, 2014


"Users’ credentials for principal web services, including social networks, cloud storage and email service providers, are precious commodities on the underground; security experts are aware of numerous cyber attacks which are conducted to gather this information.

The motivation of the bad actors behind the NightHunter campaign is not clear, nor is the nature of the attackers (e.g. cyber criminals or hacktivists); anyway, credentials for principal web services could be used by attackers for numerous illegal activities, to arrange a spam campaign or to control a botnet hiding settings in a Dropbox folder.
The NightHunter campaign uses SMTP email to siphon data, as explained in the blog post:
“NightHunter uses SMTP (email) for data exfiltration instead of more common CnC mechanisms that use web protocols. This could be to simply “hide (and steal data) in the plain sight” as organizations beef up web anomaly detection for dealing with advanced attacks.”"


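Added example, not part of the posts above or of Cyphort's research: since the quoted blog post says the data leaves over SMTP rather than web protocols, one defensive check is to look for internal hosts that talk SMTP directly to outside servers instead of going through the organization's mail relay. The address ranges, relay address, log format and sample records below are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, submission
# Assumed environment: internal range and the only host allowed to send mail out.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_RELAYS = {ipaddress.ip_address("10.0.5.25")}

# Constructed sample flow records: "time src dst dport bytes_out"
SAMPLE_FLOWS = """\
2014-07-10T02:11:09Z 10.0.5.25 198.51.100.7 25 18432
2014-07-10T02:14:40Z 10.0.12.44 203.0.113.90 587 52110
2014-07-10T02:15:02Z 10.0.12.44 10.0.5.25 25 2048
2014-07-10T03:14:41Z 10.0.12.44 203.0.113.90 587 48770
2014-07-10T03:20:00Z 10.0.31.8 192.0.2.15 443 9000
2014-07-10T04:02:13Z 10.0.31.8 203.0.113.90 465 130004
malformed line
"""

def parse_flow(line):
    """Return (src, dst, dport, bytes_out), or None for an unparseable line."""
    try:
        _, src, dst, dport, sent = line.split()
        return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), int(sent)
    except ValueError:  # wrong field count, bad address or bad number
        return None

def find_direct_smtp(log_text, relays=APPROVED_RELAYS, internal=INTERNAL_NET):
    """Summarise internal hosts that speak SMTP to the outside, bypassing the relay."""
    hits = defaultdict(lambda: {"connections": 0, "bytes_out": 0, "servers": set()})
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, dport, sent = flow
        if dport not in SMTP_PORTS or src not in internal:
            continue
        if src in relays or dst in internal:  # sanctioned relay, or mail to an internal server
            continue
        entry = hits[str(src)]
        entry["connections"] += 1
        entry["bytes_out"] += sent
        entry["servers"].add(str(dst))
    # Largest senders first: they are the first hosts to triage.
    return sorted(hits.items(), key=lambda kv: kv[1]["bytes_out"], reverse=True)

if __name__ == "__main__":
    for host, stats in find_direct_smtp(SAMPLE_FLOWS):
        print(host, stats["connections"], stats["bytes_out"], sorted(stats["servers"]))
```

A workstation that appears in this output is a triage lead rather than proof of infection, because a legitimately configured mail client can produce the same traffic.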