Researchers at Kaspersky Lab have uncovered a highly targeted attack campaign called Icefog that has been active for nearly two years. It ensnares victims with tainted attachments in illicit emails or by way of drive-by attacks from malicious websites, and is likely part of a hacker-for-hire operation.
Kaspersky’s Kurt Baumgartner revealed the company’s analysis of Icefog at the Billington Cybersecurity Summit in Washington, D.C. The campaign is suspected of infecting systems belonging to several South Korean and Japanese government agencies, media outlets, and corporations.
“We’ve entered the era of a growing number of these smaller, agile groups hired on a per-project basis… The operational improvements have arrived and these polished APT groups become much better at flying under the radar,” said Baumgartner.
Unlike similar espionage campaigns uncovered previously, Icefog operators appear to know exactly who they want to target and what specific information they are after. Once the data is pilfered they most often move on to another victim, which has made the attacks more difficult to discover.
“There’s a team of operators that are being very selective and going after exactly what they need. It’s classic APT behavior. They likely have previous knowledge of the networks and targets,” Baumgartner said.
Six variants of the malicious agent employed by Icefog have been identified thus far by Kaspersky Lab’s Global Research and Analysis Team, and they include Windows and Mac OS X versions.