'Icefog' spying operation targeted Japan, South Korea

Kaspersky Lab says the Icefog attackers appeared to know what files they needed from victims

Kaspersky Lab says a hacking campaign called Icefog targeted organizations in Japan and South Korea with phishing emails laden with malware.

Kaspersky Lab says a hacking campaign called Icefog targeted organizations in Japan and South Korea with phishing emails laden with malware.

A hacking group that targeted Japan's parliament in 2011 is believed to have conducted nimble data thefts against organizations mainly in South Korea and Japan, including defense contractors, over the past two years.

The "Icefog" hackers probed victims one by one, carefully copying select files and then exiting the systems, according to security vendor Kaspersky Lab, which released a 68-page report on the group Wednesday.

"The nature of the attacks was also very focused," Kaspersky wrote. "In many cases, the attackers already knew what they were looking for."

Over the past several years, security analysts have noticed an uptick in so-called "advanced persistent threat" (APT) attacks, where interlopers plant stealthy malware on networks for cyber spying.

"In the future, we predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations, a kind of 'cyber mercenaries' of the modern world," the report said.

Kaspersky did not name the organizations that were victimized, but did name a few targeted by Icefog. A private report with more information is available to governments, the company said.

Those targeted included the defense contractors Lig Nex1 and Selectron Industrial Company; two shipbuilding companies, DSME Tech and Hanjin Heavy Industries; Korea Telecom, Fuji TV and the Japan-China Economic Association. Kaspersky said the naming of those companies did not imply the Icefog attacks were successful.

Icefog was detected in 2011 after the group targeted Japan's parliament, and its campaign has continued through this year, Kaspersky said.

Based on where the stolen data was transferred to, Kaspersky wrote the attackers are assumed to be in China, South Korea and Japan.

The hackers target victims by email, sending malicious attachments or links to websites that will attack the victim's computer if it has software vulnerabilities in programs such as Microsoft Word, Adobe Reader or within the operating system.

Mac OS X systems are also targeted. Kaspersky counted 4,500 IP addresses that were infected, which belonged to more than 430 victims. The Macfog malware, which purported to be a graphics application, popped up late last year on several Chinese-language forums.

"The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide," the report said.

Once a computer has been compromised, the hackers upload malicious tools and backdoors. They look for email account credentials, sensitive documents and passwords to other systems, Kaspersky said.

After the hackers find what they're looking for, the Icefog attackers tend to exit the systems.

"The 'hit and run' nature of this operation is one of the things that make it unusual," the report said. "While in other cases, victims remain infected for months or even years, and data is continuously exfiltrated, the Icefog attackers appear to know very well what they need from the victims."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags intrusionsecuritydata breachdata protectionmalwarekaspersky lab

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?