Hackers exploit cloud to host C&C servers

  • 10 December 2014

By Jimmy Nicholls | 10 December 2014
Smartphone users from government, finance and engineering hit with malware payload.
 
Hackers are exploiting cloud infrastructure to launch cyber-attacks against governments and financial groups, according to the security company Blue Coat.
Users of Apple, Android and Blackberry devices were all targeted by the advanced persistent threat (APT) researchers have named Inception, which focuses on those working for embassies, military agencies and engineering firms, among other industries.
Snorre Fagerland and Waylon Grange, security researchers at Blue Coat, said: "The framework is notable for a number of reasons, including its use of a cloud-based infrastructure for command and control, and its use of the WebDAV [collaboration] protocol to send instructions and receive exfiltrated information from compromised systems."
 
Full Article

3 replies

Quite a bit more information here.
 
12/10/2014, Jai Vijayan
 
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
An international group of criminals, dubbed "Inception" by the security firm that uncovered them, has been carrying out a sophisticated cyber espionage campaign directed primarily at companies in Russia or with interests in that country.
Targets of the group’s campaign include top executives in companies from the oil, finance, and engineering sectors, as well as military, government, and embassy officials from several countries, security firm Blue Coat Labs said in a report released Wednesday. Companies in Russia, Romania, Venezuela, and Mozambique and embassies and diplomatic offices in Paraguay, Romania, and Turkey have been hit by the group’s expanding campaign.
 
Full Article
 
By Brian Prince on December 10, 2014
 
Researchers at Blue Coat Systems have identified a stealthy cyber-espionage framework that has been used to target organizations around the world.
 
The framework, dubbed Inception, has been linked to attacks on individuals in industries ranging from oil to finance as well as government and military officials. When the attacks began, they focused on targets located in Russia or related to Russian interests. Since then, however, the attacks have spread to other locations around the globe, according to Blue Coat (PDF).
 
But the most interesting aspect of Inception may not necessarily be the targets, but the sneaky way the attackers went about their business by leveraging home routers and a cloud service for obfuscation.
 
 
The attackers have been using CloudMe.com, a cloud service provider based in Sweden, for its main command-and-control infrastructure. CloudMe.com offers both free and paid WebDAV cloud storage, and the attackers leverage the WebDAV protocol to send instructions and receive exfiltrated data from compromised systems. This hides the identity of the attacker and can bypass many current detection mechanisms, according to Blue Coat.
 
Full Article
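Added example, not code from any of the quoted articles or from Blue Coat: a small Python sweep over constructed proxy log lines that flags WebDAV methods (PROPFIND, MKCOL, PUT and friends) going to cloud hosts outside an assumed allowlist, which is the traffic pattern the researchers describe for Inception's command and control. The log format, the hostnames and the allowlist are all assumptions.

```python
import re
from collections import Counter, defaultdict

# WebDAV methods (RFC 4918) that ordinary browsing almost never emits.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# PUT also lands files on a DAV share; counted only once a pair shows a real DAV verb.
UPLOAD_METHODS = {"PUT"}
# Hosts where WebDAV is expected (assumed allowlist; adjust for the environment).
APPROVED_DAV_HOSTS = {"sharepoint.corp.example"}

# Constructed log format: timestamp client method url status request_bytes
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
                    r"(?P<url>\S+) (?P<status>\d{3}) (?P<req_bytes>\d+)$")

def host_of(url):
    m = re.match(r"https?://([^/:?#]+)", url)
    return m.group(1).lower() if m else None

def find_webdav_to_unapproved(lines):
    """Return {(client, host): {"requests", "upload_bytes", "methods"}} for pairs using WebDAV."""
    pairs = defaultdict(lambda: {"requests": 0, "upload_bytes": 0, "methods": Counter()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the whole sweep
        method, host = m["method"], host_of(m["url"])
        if host is None or host in APPROVED_DAV_HOSTS:
            continue
        if method not in WEBDAV_METHODS and method not in UPLOAD_METHODS:
            continue
        entry = pairs[(m["client"], host)]
        entry["requests"] += 1
        entry["methods"][method] += 1
        if method in UPLOAD_METHODS:
            entry["upload_bytes"] += int(m["req_bytes"])
    # Keep only pairs with at least one genuine WebDAV verb; a lone PUT to a REST API is noise.
    return {k: v for k, v in pairs.items() if any(x in WEBDAV_METHODS for x in v["methods"])}

# Constructed sample: one client polling and uploading to an unapproved DAV host,
# one REST-style PUT that must not fire, one PROPFIND to an approved host.
SAMPLE_LOG = """\
2014-12-10T09:00:05Z 10.1.2.3 PROPFIND https://dav.cloud-storage.example/ws/home/ 207 0
2014-12-10T09:00:06Z 10.1.2.3 PUT https://dav.cloud-storage.example/ws/home/a1.bin 201 40960
2014-12-10T09:05:05Z 10.1.2.3 PROPFIND https://dav.cloud-storage.example/ws/home/ 207 0
2014-12-10T09:05:06Z 10.1.2.3 PUT https://dav.cloud-storage.example/ws/home/a2.bin 201 38912
2014-12-10T09:06:00Z 10.1.2.7 PUT https://api.saas.example/v1/items/42 200 512
2014-12-10T09:07:00Z 10.1.2.9 PROPFIND https://sharepoint.corp.example/sites/hr/ 207 0
""".splitlines()

if __name__ == "__main__":
    print(find_webdav_to_unapproved(SAMPLE_LOG))
```

The repeated PROPFIND/PUT pairs at a fixed interval are the part worth alerting on; a single PUT to a REST endpoint is deliberately not flagged.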
There is a lot more information here about the lead article. One interesting snippet is this: "The paper also noted that the attack has evolved (from its first appearance in 2013, when it was named "Red October" by Kaspersky Labs)."
See also - Red October Attackers Return With CloudAtlas APT Campaign

 
By Daniel Eran Dilger
Thursday, December 11, 2014
 
A vast and sophisticated new espionage campaign targeting diplomats, discovered by Blue Coat Labs and confirmed by Kaspersky Labs, exploits flaws in Microsoft Windows and seeks to infect Android, Blackberry and iOS devices, but is limited to only infecting iPhones and iPads that are jailbroken.
 
The newly discovered malware network was covered in detail in a report by Dan Goodin of ArsTechnica, prominently naming "diplomats iPhone's" in the headline, along with "Androids and PCs," as being targeted by the attack.

The malware, targeting diplomats in an "international espionage campaign that's so sophisticated and comprehensive that it could only have been developed with the backing of a well resourced country," was described by the article as targeting "devices running Windows, Android, BlackBerry and iOS," but no mention of the fact was made that the malware itself can't be installed on iOS unless the device has been jailbroken first.

Blue Coat, which coined the name "Inception," based on the stealthy attack's "extremely advanced" layers of obfuscation to hide the identity of the attackers, also addressed iOS as being a target in the campaign in its blog posting without making any mention of the fact that iOS devices need to have their security turned off via jailbreak in order to fall victim to the attack.
 
Full Article
 
