ClearSky And Trend Micro Track Politically Motivated Global Cyber Attacks

A new report on the group known as “CopyKittens” details its increased activity in support of its political ambitions. The report is co-authored by ClearSky, an Israeli cyber-intelligence company, and Trend Micro, a global leader in cybersecurity solutions.

CopyKittens, which has been active since 2013, recently targeted government, security and academic institutions, and websites in Germany and Turkey as well as United Nations’ employees and organizations in Saudi Arabia, Israel, and Jordan.

In an incident detailed in the report, members of the German Bundestag were compromised by watering holes positioned within several legitimate websites that were hacked and linked to harmful third-party sites. Another incident cited explains how a Turkish diplomatic institution was hacked and used as a cover to launch a massive spear phishing campaign, with victims receiving a highly targeted message from a legitimate, known source.

CopyKittens is very persistent, despite lacking technological sophistication and operational discipline. These characteristics, however, cause it to be relatively noisy, making it easy to find, monitor and apply counter measures relatively quickly.

The group has independently developed several new hacking tools. They also use commercially available hacking tools such Cobalt Strike and Metasploit, which are generally for penetration testing and thus allow them to stay under the radar.

The extensive report details how its experts gained intimate access to the group’s activity, methods, tools, and infrastructure. They have shed new light on the operations and priorities of the intelligence organization operating the group.

“We’ve been tracking CopyKittens for four years and have become very intimate with its operations,? says Boaz Dolev, CEO, ClearSky Cyber Security. ?Our analysis gives indications about the group?s political motivations. Analyzed within this context, these attacks deliver fresh insights,” concluded Dolev.

The report can be accessed via the ClearSky blog at www.clearskysec.com/tulip and under Trend Micro Blog at blog.trendmicro.com.

ClearSky provides custom-tailored comprehensive cybersecurity defense, including cyber intelligence, strategic security consulting and security project development and implementation to financial institutions, government entities and critical infrastructure companies.

Source:
0 Comments