Cyber-Espionage Group Breached Systems in 37 Nations, Security Researchers Say

Published: February 8, 2026 at 10:34 AM EST
Source: Slashdot

Overview

An Asian cyber‑espionage group has spent the past year breaking into computer systems belonging to governments and critical‑infrastructure organizations in more than 37 countries, according to the cybersecurity firm Palo Alto Networks, Inc. The state‑aligned attackers have infiltrated the networks of 70 organizations, including five national law‑enforcement and border‑control agencies. They have also breached three ministries of finance, one country’s parliament and a senior elected official in another. The Santa Clara, California‑based firm declined to identify the hackers’ country of origin.

Scope of the Operation

The spying operation was unusually vast and allowed the hackers to hoover up sensitive information in apparent coordination with geopolitical events such as diplomatic missions, trade negotiations, political unrest and military actions.

  • Access was used to spy on emails, financial dealings and communications about military and police operations.
  • Information about diplomatic issues was also stolen, with some compromises remaining undetected for months.

Tactics and Techniques

“They use highly‑targeted and tailored fake emails and known, unpatched security flaws to gain access to these networks,” said Pete Renals, director of national security programs with Unit 42, the threat‑intelligence division of Palo Alto Networks.

  • Phishing: Highly‑targeted spear‑phishing emails.
  • Exploitation: Known, unpatched vulnerabilities in software and hardware.
  • Exfiltration: Direct access to victims’ email servers to extract sensitive data.

Targeted Entities

Bloomberg reports that the campaign specifically targeted:

  • Government entities in the Czech Republic.
  • The Ministry of Mines and Energy of Brazil.
  • A device associated with a facility operated by a joint venture between Venezuela’s government and an Asian tech firm (likely compromised).

The attackers are also suspected of being active in:

  • Germany, Poland, Greece, Italy, Cyprus, Indonesia, Malaysia, Mongolia, Panama, and other countries.

Impact

Palo Alto Networks researchers confirmed successful access to, and exfiltration of, sensitive data from several victims’ email servers. The breadth of the intrusion underscores the risk posed by state‑aligned cyber‑espionage groups to critical infrastructure and governmental functions worldwide.
