View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 10, 2014

Hackers exploit cloud to host C&C servers

Smartphone users from government, finance and engineering hit with malware payload.

By Jimmy Nicholls

Hackers are exploiting cloud infrastructure to launch cyber-attacks against governments and financial groups, according to the security company Blue Coat.

Users of Apple, Android and Blackberry devices were all targeted by the advanced persistent threat (APT) researchers have named Inception, which focuses on those working for embassies, military agencies and engineering firms, among other industries.

Snorre Fagerland and Waylon Grange, security researchers at Blue Coat, said: "The framework is notable for a number of reasons, including its use of a cloud-based infrastructure for command and control, and its use of the WebDAV [collaboration] protocol to send instructions and receive exfiltrated information from compromised systems."

To gain access to the phones attackers exploited bugs in the Rich Text Format (RTF), a legacy document format, with malware payloads customised to suit all three smartphone operating systems.

Fagerland and Grange added that the operational security used by the hackers to protect themselves was "among the best we have seen", adding that the "convoluted network of router proxies and rented hosts" seemed "almost excessively paranoid".

Initial attacks appear to be focused on Russia and other Eastern European countries through abuse of the storage service CloudMe, but Blue Coat expects it to travel further afield and exploit other services.

"It is clear that this infrastructure model does not need to be applied solely against a few targets, or even need to be hosted at CloudMe," Fagerland and Grange said. "The framework is generic, and will work as an attack platform for a multitude of purposes with very little modification."

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

While Blue Coat thought it unlikely the attacks were performed by a few individuals, it could not confirm whether the APT was backed by a state, as evidence obtained was inconclusive.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.