Unveiling an Indian cyberattack infrastructure - a special report
(Publication) Google search: [1]
| Unveiling an Indian cyberattack infrastructure - a special report | |
|---|---|
| Botnet | HangOver |
| Malware | Hanove |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-05 |
| Editor/Conference | Norman |
| Link | http://enterprise.norman.com/resource center/unveiling an indian cyberattack infrastructure-a special report entreprise.norman.com (entreprise.norman.com Archive copy) |
| Author | Snorre Fagerland, Morten Kråkvik, Jonathan Camp, Ned Moran |
| Type | White paper |
Abstract
“ On March 17, 2013 a Norwegian newspaper reported that the country’s telecommunications giant Telenor had filed a criminal police case for an unlawful computer intrusion. Spear phishing emails targeting upper management appeared to be the source of the infection. Through extensive analysis, security analysts at Norman Shark, in conjunction with our partners, quickly uncovered a previously unknown and sophisticated infrastructure for targeted attacks.
Our report details a sophisticated cyberattack infrastructure that appears to originate from India, conducted by private threat actors with no evidence of state-sponsorship. It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers.
In this report we detail a cyberattack infrastructure that appears to be Indian in origin. This infrastructure has been in operation for at least three years, more likely close to four years. The purpose of this framework seems predominantly to be a platform for surveillance against targets of national security interest (such as Pakistan), but we will also show how it has been used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1329,
editor = {Norman},
author = {Snorre Fagerland, Morten Kråkvik, Jonathan Camp, Ned Moran},
title = {Unveiling an Indian cyberattack infrastructure - a special report},
date = {01},
month = May,
year = {2013},
howpublished = {\url{http://enterprise.norman.com/resource_center/unveiling_an_indian_cyberattack_infrastructure-a_special_report entreprise.norman.com}},
}