A gang of hackers targeting Nato and the White House began the year by setting up infrastructure to attack military, government and media groups, according to the security vendor Trend Micro.
Operation Pawn Storm, so named after a chess move, is said to have focused its efforts on sending emails with malicious Microsoft Office attachments to drop spyware onto victims’ computers.
Other tactics used by the gang allegedly include injecting Polish websites with spyware and phishing for victims’ details via fake Microsoft Outlook Web Access sites.
Feike Hacquebord, senior threat researcher, said: "Pawn Storm targeted mainly military, government and media organisations in the United States and its allies.
"We determined that the group also aimed its attacks on Russian dissidents and those opposing the Kremlin, as well as Ukrainian activists and military, which has led some to speculate that there might be a connection with the Russian government."
In a switch from previous tactics, Pawn Storm was also said to have started writing its emails with specific victims in mind, a growing trend among the state-sponsored groups that security researchers call advanced persistent threats (APTs).
Among the subjects of the emails are the Southern Gas Corridor, set up by the European Union in a bid to become less dependent on Russian gas companies, and the ongoing instability in Ukraine.
The messages allegedly come with a link to what appears to be a legitimate news site, which then asks the victim to download a plugin to view the site’s contents. Unsurprisingly, the plugin turns out to be malware.
Pawn Storm was also found setting up a fake Outlook Web Access site for a large US company involved in selling nuclear fuel, as well as the militaries of two European Nato members.
"Organisations must remain on high alert for these kinds of attack, as Operation Pawn Storm hackers go to great lengths to make their emails appear legitimate," Hacquebord said.
"Military and government bodies in the US, Europe and Asia especially must invest in the right advanced cyber security tools to block phishing and malware downloads, and improve user training and education to mitigate the risk of attack."