Monday, August 8, 2016

Hacker Group spied on Swedish organization for five years – Aftonbladet

Hacker Group Battles leave behind traces linked to the “Lord of the Rings” – and is believed to act on behalf of a state.

Now revealed that an unspecified Swedish organization has been infected advanced spyware for up to five years.

– There may be a huge dark figure of affected organizations not identified, said the IT security expert Marcus Murray told Aftonbladet.

the IT security company Symantec has recently discovered several cases of serious cyber espionage against targets in Sweden, Belgium, China and Russia.

It is the question of track from spiontrojanen Remsec detected in 36 computers in seven different organizations in the four countries. The targets are described as carefully selected and “in the interest of a state intelligence service.”



Refers to Sauron

In Sweden, the issue of “organization” found to be affected. What industry organization is active in the state, Symantec does not have any knowledge of.

– The customer has configured their software so that all information we receive is anonymous, we only know that it is one of our enterprise customers, says security researcher Dick O’Brien Symantec to idg.se.

According to Symantec is a previously unknown hacker group – Battles – behind the attacks. In the code of the spyware product, the group according to Symantec made a reference to Sauron – evil, all-seeing ruler in the books of the “Lord of the Rings”.



“Alarmingly Sweden’s goal”

But who is Striders clients are unclear – except that it probably involves a state. Both the selected targets and software intelligence capacity indicates that, according to Symantec.

In addition, the group has managed to act undisturbed for at least five years.

IT security expert Marcus Murray TrueSec says the attack follows a pattern of growing cyber-espionage from intelligence agents worldwide. The aim is to usurp the information affect decision-making and even to prepare for the future needs of sabotage.

– This Trojan has similarities with previous large state-funded attacks. Among other things, the attacks that the United States accused Iran’s nuclear program in 2011. What is worrying here is that you discover that Sweden is part of the target image.



May be huge unrecorded

The spyware in issue opens a backdoor to infected computers and gives total control of everything done on the machine. Files can be stolen and everything can be logged, including keystrokes.

– There are different quality of these kinds of Trojans. This is a high quality software which indicates that there is someone who has more resources that built it, said Marcus Murray.

Since the software is specially designed to evade discover – for example, plant it in the working memory and not in hard drive – can be far more organizations to be infected than the handful that are discovered to be affected.

– Since this software is so sophisticated and only discovered 36 infections can be a huge unreported, says Marcus Murray .

Aftonbladet have searched Security Service during Monday night could not give any comment.

LikeTweet

No comments:

Post a Comment