Researchers at Kaspersky laboratory confirm to have identified a group of cyber mercenaries called “Icefog” that may be responsible for a huge cyber espionage campaign, which occured in 2011, against Japanese parliament and dozens of agencies and strategic companies in Japan and South Korea.
The cyber mercenaries are recruited by governments and private companies. According to Kaspersky, the group is compiled of highly skilled hackers able to conduct sophisticated attacks.
“What we have here is the emergence of small groups of cyber-mercenaries available to perform targeted attacks,” “We actually believe they have contracts, and they are interested in fulfilling whatever the contract requirements are,” declared Kaspersky’s research director, Costin Raiu, in an interview with Reuters.
The name “Icefog” was taken from a string used in the command-and-control server, found in one of the malware samples.
Kaspersky published a elaborate report on the Icefog operations, its researchers localized and examined the command and control hosts applied by the attackers describing the techniques adopted, identifying the victims of the attacks and the information gathered.
The Icefog group relies on spear-phishing and exploits for known vulnerabilities in addition to using social engineering techniques to deceive victims. The documents used in the attacks are specifically crafted for the victims offering content of interest.
Based on the list of IPs used to control the infrastructure the Kaspersky Lab specialists uncovered some of the attackers are either based in China, South Korea, Japan.