Cyber Spying, Digital Theft & Espionage

Cyber spying, digital theft and  espionage are about obtaining secret information without the permission and knowledge of the holder of the information. This data is taken from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using proxy servers, cracking techniques and malware software.

A group of ecurity researchers callled Malware HunterTeam have recently encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus. The threat has a very low detection rate and comes with capabilities that allow it to retrieve a payload from a remote location and run it in memory, making the forensic analysis more difficult.

Another recent study of cyber espionage activities shows that more than 200 unique families of malware have been used to eavesdrop on corporate and government employees, including attacks on the Japanese government.

These malware spies have formed  armies of nefarious hackers from around the world who use cyber warfare for economic, political, or military gain. 

These deliberately recruited and highly valued cybercriminals have the technical know-how to shut down anything from government infrastructures to financial systems or utility resources. They have influenced the outcome of political elections, created havoc at international events, and helped companies succeed or fail.

Many of these attackers use advance persistent threats (APTs) as their modus operandi to stealthily enter networks or systems and remain undetected for years and years.

These state-based threat actor teams are comprised of computer programmers, engineers, and scientists that form military and intelligence agency hacking clusters. They have tremendous financial backing and unlimited technological resources that help them evolve their techniques rapidly.

More than 200 unique families of malware have been used to eavesdrop on corporate and government employees, including attacks on the Japanese government, according to the results of a study of cyber-espionage activities released on July 25.
Unlike the massive botnets used by cyber-criminals to steal cash, such as the Gameover Zeus botnet, the espionage botnets typically consist of hundreds of compromised computers rather than tens or hundreds of thousands.

Most of the activity traces back to China, but some spying does not, including espionage carried out by a private security company that advertised "ethical" hacking courses, according to Dell Secureworks, which carried out the investigation. They identified  over 1,100 domain names used in the attacks and registered by online spies.

The Secureworks researchers identified many of the domains by finding suspicious domains and, when possible, registering them as they expired. He then listened for signs of botnet activity, an activity known as "sinkholing." 

Tapping this communication channel allowed Dell Secureworks to peer into the botnet's operation, including who had been infected. Stewart identified the malware into families based on the code and the network traffic each produced. Among the botnet activities caught in Stewart's sinkholing efforts were multiple attacks on Japanese targets, including government ministries, universities, municipal governments, trade organizations, think tanks, the manufacturing industry and the media.

Another sinkhole identified a relatively unknown piece of malware known as Elirks, which uses the Plurk microblogging service to communicate with its network of compromised computers. The attackers also used the service to post the current location of the command-and-control server, so that nodes ready to exfiltrate data can identify themselves and allow their controllers to log in. At least a dozen Plurk accounts were actively being used to communicate with infected systems, Stewart said in the report.

While not every company is in danger of becoming a target of cyber-spies, attackers tend to use the same techniques, much of it spread via carefully crafted email messages and targeted attacks.

Attacks aimed at stealing classified information from government agencies or trade secrets from corporations are also on the rise. Since Google outed Chinese hackers in a massive operation against some three-dozen U.S. and multinational companies, evidence has grown of widespread China-sanctioned espionage against governments, industry and human-rights groups.

China is not alone, however. Other countries-most notably the United States-have also used programs to infiltrate sensitive networks, steal information and interfere with other nations' activities. The US government has disclosed that it was responsible  for developing Stuxnet and used it as an attack method on Iran's nuclear weapond program.

eWeek:         CarbonBlack:           Bleeping Computer

You Might Also Read:

Spyware Website Taken Down:

Malware – The Hateful Eight:

 

« AI Market Forecast To Be Worth $190b By 2025
Cyber Security Talent Crunch - 3.5m Jobs Vacant »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Visual Guard

Visual Guard

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

GovCERT Austria

GovCERT Austria

GovCERT Austria is the Austrian Government Computer Emergency Response Team. Its constituency consists of Austria's public administration.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Phished

Phished

Phished is an AI-driven platform that focuses on the human side of cybersecurity. By combining fully automated training software with personalised, realistic simulations of cyberattacks.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

Techmentum

Techmentum

At Techmentum, our mission is to utilize technology to help companies succeed. Our expertise includes fully managed IT services, cybersecurity, cloud, and custom technology solutions.

Zyber 365 Group

Zyber 365 Group

Zyber 365 are providing a robust, decentralized, and cyber-secured operating system which adheres to the fundamental principles of environmental sustainability.

WillJam Ventures

WillJam Ventures

WillJam Ventures are a private equity firm focused on investing in world-class cybersecurity companies that will become the next generation of leaders in protecting the world’s digital assets.