State-sponsored Cyberspies

Uploaded on 2015-11-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

 

FireEye have discovered an attack campaign that injects computer profiling & tracking scripts into over 100 security- sensitive Russian  websites.

Web analytics and tracking cookies play a vital role in online advertising, but they can also help attackers discover potential targets and their weaknesses, a new report shows.

Security researchers from FireEye have discovered an attack campaign that has injected computer profiling and tracking scripts into over 100 websites visited by business executives, diplomats, government officials and academic researchers.

The researchers believe the compromised websites attract visitors involved in international business travel, diplomacy, energy production and policy, international economics and official government work. They include sites belonging to embassies, educational and research institutions, governments, visa services, energy companies, media organizations and non-profit organizations.

While no exploits or malicious code have been served through the injected scripts, the goal of the attackers appears to be the identification of unique users who can be targeted with attacks tailored for their specific computer and software configurations. FireEye has named the reconnaissance campaign WITCHCOVEN and believe that it's the work of state-sponsored attackers.

When users visit one of the compromised websites, their browsers get silently redirected to one of several WITCHCOVEN profiling servers. Scripts hosted on those servers collect information like the user's IP address, their browser type and version, the language setting, the referring website, the version of Microsoft Office and browser plug-ins like Java, Flash Player, etc.

In addition, they also install so-called supercookies or evercookies inside users' browsers. These cookies are hard to delete and are used to track users across multiple websites.
"We believe that the computer profiling data gathered by the WITCHCOVEN script, combined with the evercookie that persistently identifies a unique user, can, when combined with basic browser data available from HTTP logs, be used by cyber threat actors to identify users of interest, and narrowly target those individuals with exploits specifically tailored to vulnerabilities in their computer system," the FireEye researchers said in their report.

The company has not detected any follow-up exploitation attempts against its customers so far, but this could be because the attackers use a highly targeted approach to victim selection.
The subsequent exploits could be embedded in malicious documents attached to email spear phishing messages and not necessarily be served through a browser. The gathered information could also be used to assist in traditional spying operations.

Some of the compromised websites suggest that the attackers may have a particular interest in individuals associated with a major Russian energy company, Russian cultural organizations, Russian embassies, Ukraine's security services and border guards and a media organization in the Republic of Georgia, the FireEye researchers said.

Computerworld

 

« Low-tech Coppers in the UK
Mystery Fingers on Keyboard in JPMorgan Hack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Client Solution Architects (CSA)

Client Solution Architects (CSA)

Client Solution Architects (CSA) is a leading digital transformation consulting firm focused on the U.S. Defense Department and all U.S. Federal enterprise information technology service areas.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.