Kaspersky Lab has outed a group of hackers that has been focusing on targets in South Korea and Japan.
Dubbed “Icefog”, the for-hire group has carried out advanced persistent threat (APT) attacks aimed at disrupting the supply chains of Western companies.
Kaspersky Lab has traced these surgical hit-and-run attacks back as far as the beginning of 2011.
Kaspersky Lab global research and analysis team director, Costin Raiu, said the attacks by the group have been increasing in size and scope over the last few years.
“The ‘hit and run’ nature of the Icefog attacks demonstrates a new emerging trend of smaller hit-and-run gangs that go after information with surgical precision,” he said.
An attack may typically last for a few days or weeks, until the group obtains what it was looking for and leaves without a trace.
“In the future, we predict the number of small, focused ‘APT-to-hire’ groups to grow, specialising in hit-and-run operations,” he said.
Down the sinkhole
Based on the attacks carried out so far, Kaspersky Lab has found that the group has shown an interest in sectors such as military, maritime, computer, research, telecom, satellite, mass media and television.
Kaspersky Lab ANZ managing director, Andrew Mamonitis, said that corporate networks were used in the case of Icefog as a platform to access other network channels.
“In most cases, auxiliary companies have more relaxed security parameters in place despite holding valuable data about the parent target,” he said.
“It is these secondary business service providers across all levels of the corporate chain which are most vulnerable to external breaches.”
Mamonitis said sinkhole connections are not limited to just Japan and South Korea, and have been observed in countries such as Australia.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.