TMCnet News
CyberX Discovers Operation BugDrop: A Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations

BOSTON, Feb. 16, 2017 /PRNewswire/ -- CyberX, providers of the most widely deployed industrial cybersecurity platform, today announced the discovery of a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine. Because it eavesdrops on sensitive conversations by remotely controlling PC microphones – in order to surreptitiously "bug" its targets – and uses Dropbox to store exfiltrated data, CyberX has named it "Operation BugDrop."

The full report on Operation BugDrop including Indicators of Compromise (IoCs) can be found on the CyberX blog.

Operation BugDrop: Targets

CyberX has confirmed at least 70 victims successfully targeted by the operation in a range of sectors including critical infrastructure, media, and scientific research. The operation seeks to capture a range of sensitive information including audio recordings of conversations, screen shots, documents and passwords. Unlike video recordings, which are often blocked by users simply placing tape over the camera lens, it is virtually impossible to block your computer's microphone without physically accessing and disabling the PC hardware.

Most of BugDrop's targets are located in the Ukraine, but there are also some in Russia and a small number in Saudi Arabia and Austria. Many targets are located in the self-declared separatist states of Donetsk and Luhansk, regions classified as terrorist organizations by the Ukrainian government.

CyberX believes the cyber-reconnaissance operation has been underway since June 2016.

Examples of Operation BugDrop targets identified by CyberX so far include:
The operation's Tactics, Techniques and Procedures (TTPs) are also sophisticated. For example, it uses:

"There's been a lot of cyber activity in the Ukraine – but what makes this one stand out is its scale and the amount of human and logistical resources required to analyze such massive amounts of unstructured stolen data. Clearly, these cyber-operatives know what they're doing," said Nir Giller, CTO, CyberX. "To prevent theft of corporate intellectual property and disruption of production operations, organizations of all types need to implement better detection of targeted attacks like these. Continuous monitoring of both IT and OT networks, and ongoing access to actionable threat intelligence, are two fundamental building blocks for modern cyberdefense."

About CyberX

CyberX has racked up numerous awards and industry accolades including being named a "Cool Vendor" by Gartner. CyberX is also the only industrial cybersecurity vendor selected for the SINET16 Innovator Award sponsored by the US DHS and DoD, and the only ICS security vendor recognized by the International Society of Automation (ISA). An active member of the Industrial Internet Consortium (IIC) and the ICS-ISAC, CyberX also provides groundbreaking ICS threat intelligence research that was recently featured in the popular McGraw-Hill book series, "Hacking Exposed ICS." For more information visit CyberX-Labs.com.

Media Contact:

To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/cyberx-discovers-operation-bugdrop-a-large-scale-cyber-reconnaissance-operation-targeting-ukrainian-organizations-300408969.html

SOURCE CyberX