
State Hackers used commercial software

29 December 2014


Hit European and Israeli military sites

A state-inspired hacking campaign against military targets in Israel and Europe misused security-testing software to cover its tracks and enhance its capability.

Israel's independent Computer Emergency Response Team, or CERT, said that the attack program relied on software usually sold by Boston-based Core Security to companies and other customers that want to test their own defences.

While criminal hackers have used penetration-testing tools such as Metasploit for years, most major government-sponsored hacks have used specially written tools supplemented by free and widely available programs. This is because commercial programs could be traced back to specific customers.

The Core Security program, which typically costs $10,000 or $20,000, could help muddy the waters, and CrowdStrike analyst Tillmann Werner said it could also help a second-tier cyber-power skip some of the work frequently undertaken by China, Russia and the United States.

Werner and Cymmetria Chief Executive Gadi Evron, who also chairs the Israeli CERT, said they did not know who was behind the campaign but the smart money is on Iran.

The researchers dubbed the new campaign Rocket Kitten, following CrowdStrike's convention for naming all suspected Iranian hacking groups as Kittens.

Iran improved its Internet operations in the years since its nuclear program was attacked by Stuxnet, an unusually destructive virus developed by the United States and Israel.

Evron said the team had uncovered seven connected attacks so far since April, including attempts to steal information from an Israeli company "adjacent to the defence and aerospace industry."

The Israeli attempts went nowhere.

The attacks typically began with carefully targeted emails with a poisoned Excel spreadsheet attachment sent to top executives.

 
