View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Russian-linked hackers target White House & Nato, says Trend Micro

Cyber-gang started this year improving infrastructure and tactics.

By

A gang of hackers targeting Nato and the White House began the year by setting up infrastructure to attack military, government and media groups, according to the security vendor Trend Micro.

Operation Pawn Storm, so-named after a chess move, is said to have focused its efforts on sending emails with malicious Microsoft Office attachments to drop spyware onto victims’ computers.

Other tactics used by the gang allegedly include injecting Polish websites with spyware, and also phishing for their details via fake Microsoft Outlook Web Access sites.

Feike Hacquebord, senior threat researcher, said: "Pawn Storm targeted mainly military, government and media organisations in the United States and its allies.

"We determined that the group also aimed its attacks on Russian dissidents and those opposing the Kremlin, as well as Ukrainian activists and military, which has led some to speculate that there might be a connection with the Russian government."

In a switch from previous tactics Pawn Storm was also said to have started to write their emails with specific victims in mind, a growing trend among the state-sponsored groups known as advanced persistent threats (APTs) by security researchers.

Among the subjects of the email are the Southern Gas Corridor, set up by the European Union in a bid to become less dependent on Russian gas companies, and the ongoing instability in Ukraine.

Content from our partners
The growing cybersecurity threats facing retailers
Cloud-based solutions will be key to rebuilding supply chains after global stress and disruption
How to integrate security into IT operations

The messages allegedly come with a link to what appears to be a legitimate news site, which then asks the victim to download a plugin to view the site’s contents. Unsurprisingly the plugin turns out to be malware.

Pawn Storm was also found setting up a fake Outlook Web Access site for a large US company involved in selling nuclear fuel, as well as the militaries of two European Nato members.

"Organisations must remain on high alert for these kinds of attack, as Operation Pawn Storm hackers go to great lengths to make their emails appear legitimate," Hacquebord said.

"Military and government bodies in the US, Europe and Asia especially must invest in the right advanced cyber security tools to block phishing and malware downloads, and improve user training and education to mitigate the risk of attack."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU