The research team at Kaspersky Lab has published a report on the discovery of 'Icefog', a small but active APT (Advanced Persistent Threat) group that concentrates on targets in South Korea and Japan and, through them, on the supply chain of Western organizations. Icefog began operating in 2011 and has grown in size and reach in the years since. According to the report, an increasing number of small groups of 'cyber-mercenaries' are being formed and are available for hire to carry out 'surgical' hit-and-run operations.
In a statement, Costin Raiu, director of the Global Research & Analysis Team at Kaspersky Lab, said, "For the past few years, we've seen a number of APTs hitting pretty much all kinds of victims and sectors. In most cases, attackers maintain a foothold in corporate and governmental networks for years, exfiltrating terabytes of sensitive information. The 'hit and run' nature of the Icefog attacks demonstrates a new emerging trend: smaller hit-and-run gangs that are going after information with surgical precision. The attack usually lasts for a few days or weeks and after obtaining what they were looking for, the attackers clean up and leave. In the future, we predict the number of small, focused 'APT-to-hire' groups to grow, specializing in hit-and-run operations; sort of 'cyber mercenaries' of the modern world."
Researchers at Kaspersky Lab have studied the profiles of the known targets. According to the report, the attackers are primarily interested in the military, shipbuilding and maritime operations, computer and software development, research companies, telecom operators, satellite operators, mass media and television. Defense industry contractors such as Lig Nex1 and Selectron Industrial Company, shipbuilders such as DSME Tech and Hanjin Heavy Industries, telecom operators such as Korea Telecom, and media organizations such as Fuji TV and the Japan-China Economic Association were among the targets.
The attackers stole sensitive documents and company plans, e-mail account credentials, and passwords for a number of assets both inside and outside the victims' networks. Throughout the operation they relied on the "Icefog" backdoor set. Icefog operators process each victim individually, locating and copying only specific, targeted information; according to the report, they appear to know in advance exactly which information they want from each victim.