Kaspersky Lab uncovers “Icefog” online espionage campaign

Kaspersky Lab uncovers “Icefog” online espionage campaign

Security vendor traces attacks on South Korean and Japanese targets to a group

Kaspersky Lab has ousted a group of hackers that have been focusing on targets in South Korea and Japan.

Dubbed “Icefog”, the for-hire group has carried out advanced persistent threats (APT) aimed at disrupting the supply chains of Western companies.

These surgical hit-and-run attacks have been traced back by Kaspersky Labs as far as the beginning of 2011.

Kaspersky Lab global research and analysis team director, Costin Raiu, said the attacks by the group have been increasing in size and scope over the last few years.

“The ‘hit and run’ nature of the Icefog attacks demonstrate a new emerging trend of smaller hit-and-run gangs that go after information with surgical precision,” he said.

An attack may typically last for a few days or weeks until the group obtains what they were looking for and leave without leaving a trace.

“In the future, we predict the number of small, focused ‘APT-to-hire’ groups to grow, specialising in hit-and-run operations,” he said, said.

Down the sinkhole

Based on the attacks carried out so far, Kaspersky Lab has found that the group has shown an interest in sectors such as military, maritime, computer, research, telecom, satellite, mass media and television.

Kaspersky Lab ANZ managing director, Andrew Mamonitis, said that corporate networks were used in the case of Icefog as a platform to access other network channels.

“In most cases, auxiliary companies have more relaxed security parameters in place despite holding valuable data about the parent target,” he said.

“It is these secondary business service providers across all levels of the corporate chain which are most vulnerable to external breaches.”

Mamonitis said sinkhole connections are not limited to just Japan and South Korea, and have been observed in countries such as Australia.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags advanced targeted attacksAPT attackskaspersky labs


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Show Comments