Russian-linked hackers target White House & Nato, says Trend Micro

Cyber-gang started this year improving infrastructure and tactics.

By Jimmy Nicholls

A gang of hackers targeting Nato and the White House began the year by setting up infrastructure to attack military, government and media groups, according to the security vendor Trend Micro.

Operation Pawn Storm, so named after a chess move, is said to have focused its efforts on sending emails with malicious Microsoft Office attachments to drop spyware onto victims’ computers.

Other tactics allegedly used by the gang include injecting spyware into Polish websites and phishing for victims’ details via fake Microsoft Outlook Web Access sites.

Feike Hacquebord, senior threat researcher, said: "Pawn Storm targeted mainly military, government and media organisations in the United States and its allies.

"We determined that the group also aimed its attacks on Russian dissidents and those opposing the Kremlin, as well as Ukrainian activists and military, which has led some to speculate that there might be a connection with the Russian government."

In a switch from previous tactics, Pawn Storm was also said to have started writing its emails with specific victims in mind, a growing trend among the state-sponsored groups that security researchers call advanced persistent threats (APTs).

Among the subjects of the emails are the Southern Gas Corridor, set up by the European Union in a bid to become less dependent on Russian gas companies, and the ongoing instability in Ukraine.

The messages allegedly come with a link to what appears to be a legitimate news site, which then asks the victim to download a plugin to view the site’s contents. Unsurprisingly, the plugin turns out to be malware.

Pawn Storm was also found setting up a fake Outlook Web Access site for a large US company involved in selling nuclear fuel, as well as the militaries of two European Nato members.

"Organisations must remain on high alert for these kinds of attack, as Operation Pawn Storm hackers go to great lengths to make their emails appear legitimate," Hacquebord said.

"Military and government bodies in the US, Europe and Asia especially must invest in the right advanced cyber security tools to block phishing and malware downloads, and improve user training and education to mitigate the risk of attack."
