Cyber Espionage
28 March, 2013
Advanced malicious software can collect sensitive, confidential information about security and national defense centers in any country of the world and then upload it to command and control servers.
Typical scenario: news-related sites are hacked (a malicious script is injected only into the pages where specific information is presented), and after visiting these pages the computer is infected by an unknown malicious program (none of the antivirus products could identify the threat at the time of discovery). When executed, the malicious file fully controls the infected computer, searches document files for sensitive words, and captures video and audio using the built-in camera and microphone. Typically the cyber attack is designed very smartly. The most frequently attacked websites in Georgia are:
Malware capabilities: full control of the infected computer. The malicious file searches for sensitive words inside Microsoft Office and PDF files. It can send any file from the local hard drive to the remote server; steal certificates; search the hard drive; take screenshots; record audio; record video using the webcam; and scan the local network. The command and control servers that generate the malware change their destination and Internet Protocol addresses upon detection.
Infecting mechanism step by step.
In recent months, the worldwide security community has discovered many cyber espionage campaigns that hit governments, intelligence agencies and private industry, not only in Georgia.
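The infection chain described above (a page view on a compromised news site, a download of an unknown executable from a third-party host seconds later, and bulk uploads to that same host afterwards) leaves a recognisable footprint in an organisation's web proxy logs. The following script is an added example, not code from the original report or from any named product: it correlates constructed proxy log lines in a hypothetical whitespace-separated format and raises an alert for each stage of the chain. The host names (`news.example`, `update-check.invalid`), the log format and the thresholds are assumptions chosen for illustration.

```python
"""Correlate proxy log lines to flag a watering-hole infection chain.

Added, defender-side example; the log format, hosts and thresholds are
assumptions, not values from the original report.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format):
# timestamp client method host path status bytes_sent_by_client
SAMPLE_LOG = """\
2013-03-20T09:00:01 10.0.0.5 GET news.example /politics/defense.html 200 0
2013-03-20T09:00:02 10.0.0.5 GET cdn-static.example /js/site.js 200 0
2013-03-20T09:00:03 10.0.0.5 GET update-check.invalid /dl/a.exe 200 0
2013-03-20T09:05:10 10.0.0.5 POST update-check.invalid /upload 200 2400000
2013-03-20T09:06:00 10.0.0.5 POST update-check.invalid /upload 200 1800000
2013-03-20T09:10:00 10.0.0.7 GET news.example /politics/defense.html 200 0
2013-03-20T09:10:01 10.0.0.7 GET cdn-static.example /js/site.js 200 0
2013-03-20T10:00:00 10.0.0.9 POST mail.example /send 200 3000000
"""

# Hosts the organisation expects traffic to (placeholder names).
KNOWN_HOSTS = {"news.example", "cdn-static.example", "mail.example"}
# News sites whose pages carry the kind of content the report describes.
WATCHED_SITES = {"news.example"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".jar")


@dataclass
class Event:
    ts: datetime
    client: str
    method: str
    host: str
    path: str
    status: int
    bytes_out: int


@dataclass
class Alert:
    client: str
    kind: str  # "watering_hole_download" or "bulk_upload"
    host: str
    detail: str


def parse_log(text: str) -> list[Event]:
    """Parse the constructed log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, path, status, bytes_out = line.split()
        events.append(Event(datetime.fromisoformat(ts), client, method,
                            host, path, int(status), int(bytes_out)))
    return events


def detect(events: list[Event], known_hosts: set[str], watched_sites: set[str],
           download_window: timedelta = timedelta(seconds=60),
           upload_threshold: int = 1_000_000) -> list[Alert]:
    """Apply two rules per client and return the resulting alerts."""
    alerts: list[Alert] = []
    by_client: dict[str, list[Event]] = {}
    for e in events:
        by_client.setdefault(e.client, []).append(e)

    for client, evs in by_client.items():
        evs.sort(key=lambda e: e.ts)
        # Rule 1: executable fetched from an unknown host within
        # download_window of a page view on a watched news site.
        for i, e in enumerate(evs):
            if (e.method == "GET" and e.host not in known_hosts
                    and e.path.lower().endswith(EXECUTABLE_SUFFIXES)):
                views = [p for p in evs[:i]
                         if p.host in watched_sites and e.ts - p.ts <= download_window]
                if views:
                    src = views[-1]
                    alerts.append(Alert(client, "watering_hole_download", e.host,
                                        f"{e.path} fetched {int((e.ts - src.ts).total_seconds())}s "
                                        f"after {src.host}{src.path}"))
        # Rule 2: bulk POST uploads to a host that is not on the known list.
        uploads: dict[str, list[int]] = {}
        for e in evs:
            if e.method == "POST" and e.host not in known_hosts:
                uploads.setdefault(e.host, []).append(e.bytes_out)
        for host, sizes in uploads.items():
            total = sum(sizes)
            if total > upload_threshold:
                alerts.append(Alert(client, "bulk_upload", host,
                                    f"{total} bytes over {len(sizes)} POST requests"))
    return alerts


if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG), KNOWN_HOSTS, WATCHED_SITES):
        print(f"{a.client}\t{a.kind}\t{a.host}\t{a.detail}")
```

On the sample data only client 10.0.0.5 is flagged: once for the executable pulled from an unknown host two seconds after the news page view, and once for 4.2 MB of POST traffic to that host. Client 10.0.0.7 viewed the same page without a follow-on download and 10.0.0.9 uploaded to a known host, so neither produces an alert; the known-host list is what keeps the second rule from flagging ordinary webmail or file-sharing traffic.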
Virtual teams, governments hostile to Georgia, and groups of hacktivists tend to favor the spread of malicious agents that can silently infiltrate their targets and steal confidential information from them. The Chinese government is considered the biggest aggressor in cyber espionage against the USA, while US networks are the privileged targets of cyber attacks that hit every sector, from media to military.
The rise of web-based attacks in corporate espionage, in Georgia and elsewhere, has two implications: first, any corporation with an online presence that serves such potentially 'interesting' targets may be at risk of unwittingly serving as an attack conduit; and second, such organizations must now find a way to mitigate that risk in order to protect themselves and their clients.