07-11-2014 03:42 PM
By Eduard Kovacs on July 11, 2014
Researchers have been monitoring the activities of a cybercriminal group that has been harvesting login credentials from the computers of various organizations across the world.
According to security firm Cyphort, which has dubbed the campaign "NightHunter" because of the stealthy methods used to exfiltrate data, the operation has been active since 2009, but it wasn't detected until recently.
The attackers have been stealing Google, Yahoo, Facebook, Skype, Dropbox, Amazon, Yahoo, Hotmail, LinkedIn, Rediff and banking credentials from a wide range of organizations, including in sectors like energy, health, insurance, education and even charities, Cyphort said.
The security firm has not been able to determine what the attackers are doing with the stolen information, but believes that they could be using it to prepare for targeted attacks, including extortion, espionage or bank fraud.
SecurityWeek/ full read here/ http://www.securityweek.com/attackers-use-keylogge
07-13-2014 04:30 AM
It is a bit worrying that this campaign has continued unhindered since 2009.
By paganinip on July 13th, 2014
"Users’ credentials for principal web services including social networks, cloud storage and email service providers are precious commodities on the underground, security experts are aware of numerous cyber attacks which are conducted to gather this information.
“NightHunter uses SMTP (email) for data exfiltration instead of more common CnC mechanisms that use web protocols. This could be to simply “hide (and steal data) in the plain sight” as organizations beef up web anomaly detection for dealing with advanced attacks.”"