New spy software infected military, media and educational institutions in the U.S., Turkey, Israel and UK.
A digital security firm on Tuesday published its discovery of a cyber-espionage campaign infecting computers in at least 10 countries that it attributes to political interests operating within Lebanon.
Israel-based Check Point Software Technologies claims the spying campaign, which it has named “Volatile Cedar,” was first launched three years ago. Check Point said it found infected systems in the U.S., UK, Israel and Turkey.
Confirmed targets include computer systems of defense contractors, media outlets, telecommunication companies and educational institutions.
Check Point said evidence suggests the spyware originated in Lebanon.
“Malware attribution is often tricky and deception-prone,” Check Point’s security experts Yaniv Balmas and Irena Damsky wrote in a blog post Tuesday. “With that in mind, investigation of the evidence leads us to suspect Volatile Cedar originates from Lebanon (hence its nickname). Moreover, the Volatile Cedar target vertical distribution strongly aligns with nation-state/political-group interests, eliminating the possibility of financially motivated attackers.”
Lebanon is known for its cedar trees.
The sophistication of the software led Check Point to believe a Lebanese government agency or a high-ranking political party was the creator of Volatile Cedar.
Even though the coding behind Volatile Cedar is not particularly innovative, the fact that it operated undetected since 2012 shows that high-caliber cyber espionage is no longer restricted to players like the U.S., Russia and China.
The attackers used the malware to harvest confidential information, but concealed their efforts by choosing extremely specific targets and building updated “versions” of the software.
“The modus operandi for this attacker group initially targets publicly facing web servers, with both automatic and manual vulnerability discovery,” Balmas and Damsky continued. “Once in control of a server, the attackers further penetrate the targeted internal network via various means, including manual online hacking as well as an automated USB infection mechanism.”
Check Point said it was passing on its knowledge to security software manufacturers to hopefully end Volatile Cedar’s success.
Source: http://bit.ly/1CwGrSO