Attackers Use Keyloggers, Email to Steal Data in "NightHunter" Attacks

  • 11 July 2014
  • 1 reply
  • 407 views

Userlevel 7
By Eduard Kovacs on July 11, 2014
 
Researchers have been monitoring the activities of a cybercriminal group that has been harvesting login credentials from the computers of various organizations across the world.
According to security firm Cyphort, which has dubbed the campaign "NightHunter" because of the stealthy methods used to exfiltrate data, the operation has been active since 2009, but it wasn't detected until recently.
The attackers have been stealing Google, Yahoo, Facebook, Skype, Dropbox, Amazon, Yahoo, Hotmail, LinkedIn, Rediff and banking credentials from a wide range of organizations, including in sectors like energy, health, insurance, education and even charities, Cyphort said.
The security firm has not been able to determine what the attackers are doing with the stolen information, but believes that they could be using it to prepare for targeted attacks, including extortion, espionage or bank fraud.
 
SecurityWeek, full read here: http://www.securityweek.com/attackers-use-keyloggers-email-steal-data-nighthunter-attacks

1 reply

Userlevel 7
Badge +54
It is a bit worrying that this campaign has continued unhindered since 2009.
 
 
By paganinip on July 13th, 2014
 
"Users' credentials for principal web services, including social networks, cloud storage and email service providers, are precious commodities on the underground; security experts are aware of numerous cyber attacks which are conducted to gather this information.
The motivation of the bad actors behind the NightHunter campaign is not clear, and neither is the nature of the attackers (e.g. cyber criminals or hacktivists); anyway, credentials for principal web services could be used by attackers for numerous illegal activities, to arrange a spam campaign or to control a botnet hiding settings in a DropBox folder. The NightHunter campaign uses SMTP email to siphon data, as explained in the blog post:
'NightHunter uses SMTP (email) for data exfiltration instead of more common CnC mechanisms that use web protocols. This could be to simply "hide (and steal data) in plain sight" as organizations beef up web anomaly detection for dealing with advanced attacks.'" Full Article
 

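The quoted point, that SMTP exfiltration blends into ordinary mail traffic while web anomaly detection looks elsewhere, is the defender's takeaway from this thread. As an added example (not from the forum post, Cyphort's report or the Security Affairs article), the Python script below reads a constructed firewall-log format and flags workstations that open SMTP connections straight to external mail servers instead of going through the corporate relay. The log layout, the addresses, the relay IP and the byte threshold are all assumptions made for the illustration.

```python
"""Detecting direct outbound SMTP from endpoints.

Added example, not part of the forum post or of Cyphort's NightHunter report.
Assumes a constructed firewall/NetFlow-style log where each line reads
  <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <bytes_out>
and that workstations are expected to send mail only via the corporate relay.
"""
import ipaddress
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}

# Constructed sample log (assumed values): one workstation, 10.0.5.17, pushes
# large volumes to an external host on 587; 10.0.0.25 is the legitimate relay.
SAMPLE_LOG = """\
2014-07-11T08:01:12Z 10.0.5.17 49201 203.0.113.10 443 1820
2014-07-11T08:03:44Z 10.0.5.17 49230 198.51.100.5 587 48213
2014-07-11T08:07:02Z 10.0.5.17 49251 198.51.100.5 587 51990
2014-07-11T08:10:31Z 10.0.0.25 33001 198.51.100.9 25 4102
2014-07-11T08:12:09Z 10.0.5.42 50112 10.0.0.25 587 2210
2014-07-11T08:15:55Z 10.0.5.17 49270 198.51.100.5 587 47705
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed address plan
AUTHORIZED_RELAYS = {"10.0.0.25"}                      # assumed corporate relay
BYTES_THRESHOLD = 100_000  # assumed: bytes out per (src, dst) before a volume alert


def parse_line(line):
    """Split one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, nbytes = parts
    try:
        return {"ts": ts, "src": src, "dst": dst,
                "dport": int(dport), "bytes": int(nbytes)}
    except ValueError:
        return None


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_direct_smtp(log_text):
    """Return (src, dst, connections, total_bytes) for every host that speaks
    SMTP to an external server without being an authorized relay.

    Traffic from the relay itself and SMTP to internal servers is ignored, so
    the normal mail path produces no alerts.
    """
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in SMTP_PORTS:
            continue
        if rec["src"] in AUTHORIZED_RELAYS or is_internal(rec["dst"]):
            continue
        key = (rec["src"], rec["dst"])
        totals[key][0] += 1
        totals[key][1] += rec["bytes"]
    return [(src, dst, n, b) for (src, dst), (n, b) in sorted(totals.items())]


def high_volume(alerts, threshold=BYTES_THRESHOLD):
    """Keep only the pairs whose outbound byte count reaches the threshold."""
    return [a for a in alerts if a[3] >= threshold]


if __name__ == "__main__":
    for src, dst, n, b in high_volume(find_direct_smtp(SAMPLE_LOG)):
        print(f"{src} -> {dst}: {n} direct SMTP connections, {b} bytes out")
```

Run as-is, the script reports only the workstation-to-external pair; the relay's own outbound mail and the other workstation's submission to the relay stay silent. On a real network the same rule maps onto an egress firewall policy: block ports 25, 465 and 587 from the workstation ranges and allow them only from the relay, so the alert becomes a denied connection rather than a completed transfer.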