All the latest UK technology news, reviews and analysis


Russian ‘Energetic Bear' hackers caught ransacking energy companies

22 Jan 2014
gasline-russia

Russian hackers have successfully taken data from a significant number of companies and government agencies over the past year, according to US security firm CrowdStrike.

CrowdStrike confirmed uncovering the operation, codenamed Energetic Bear, while tracking 50 of the world's most notorious hack campaigns in its 2013 Global Threat Report. The report claimed the operation was focused on stealing valuable data from the energy sector.

"Energetic Bear is an adversary group with a nexus to the Russian Federation that conducts intelligence operations against a variety of global victims with a primary focus on the energy sector," read the report. "CrowdStrike intelligence has been tracking the adversary since August 2012."

The report declines to mention which companies were hit by the campaign, but listed its target base as including businesses operating in the US, Japan, Poland, Greece, Romania, Spain, France, Turkey, China and Germany. The UK was not included on the victim list.

The campaign is also believed to have infected machines outside of the energy industry. CrowdStrike reported finding compromised hosts in government systems, academic institutions, manufacturing firms, defence contractors, healthcare providers and IT companies.

CrowdStrike said the Energetic Bear attacks were atypical and dangerous as they primarily infected systems using strategic web compromises (SWC), also known as watering-hole attacks.

"Subsequent investigation revealed that the SWC tactic appears to be this adversary's preferred delivery vector, however there is also evidence that it leverages exploits for popular document readers, such as Adobe Reader," read the report.

Watering hole attacks work to infect users' machines with malicious code by hijacking trusted websites often visited by their intended target and transforming them into malware-distribution tools.

CrowdStrike reported that the Energetic Bear campaign used a variety of malware to extract three key types of data from its victims.

These included information-harvesting tools that gathered data on the infected system, such as what operating system was running. The campaign also used a credential-harvesting tool that stole passwords stored on open web browsers and secondary implants that "talk to different C2 infrastructures using custom protocols and execute tertiary payloads in memory".

The watering hole tactic has been used to compromise several big-name institutions over the past year, including the US Department of Labor. Vice president of Intelligence at CrowdStrike Adam Meyers, said he expects the tactic to become increasingly common in 2014.

"Compromising and weaponising a legitimate website has significant advantages over spear phishing, which historically has been the most common method of launching a targeted attack," he said.

"A strategic web compromise does not require social engineering a victim, which can expose an adversary to detection. We believe this tactic will be used with increasing frequency among the adversaries that we are tracking."

CrowdStrike is one of many security companies to warn businesses to expect an increase in cyber attacks this year. Network giant Cisco warned companies to be particularly vigilant about advanced Java and Android-based exploits in its latest threat report earlier in January.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
10%
9%
3%
64%
14%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Web Data Analyst - Google Analytics / SQL

Web Data Analyst Our client is the largest of its...

Solutions Architect

I am looking for a Solutions Architect to join my client...

Transport Planner/Manchester/contract/3 months/asap/Highways

Transport Planner/Manchester/contract/3 months/asap/Highways...

Mobile planning and forecasting consultant

Mobile and Planning Consultant Based London/Trowbridge...
To send to more than one email address, simply separate each address with a comma.