Unveiling an Indian cyberattack infrastructure - a special report

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Unveiling an Indian cyberattack infrastructure - a special report
Botnet HangOver
Malware Hanove
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-05
Editor/Conference Norman
Link http://enterprise.norman.com/resource_center/unveiling_an_indian_cyberattack_infrastructure-a_special_report entreprise.norman.com (entreprise.norman.com Archive copy)
Author Snorre Fagerland, Morten Kråkvik, Jonathan Camp, Ned Moran
Type White paper

Abstract

On March 17, 2013 a Norwegian newspaper reported that the country’s telecommunications giant Telenor had filed a criminal police case for an unlawful computer intrusion. Spear phishing emails targeting upper management appeared to be the source of the infection. Through extensive analysis, security analysts at Norman Shark, in conjunction with our partners, quickly uncovered a previously unknown and sophisticated infrastructure for targeted attacks.

Our report details a sophisticated cyberattack infrastructure that appears to originate from India, conducted by private threat actors with no evidence of state-sponsorship. It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers.

In this report we detail a cyberattack infrastructure that appears to be Indian in origin. This infrastructure has been in operation for at least three years, more likely close to four years. The purpose of this framework seems predominantly to be a platform for surveillance against targets of national security interest (such as Pakistan), but we will also show how it has been used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations.

Bibtex

 @misc{Fagerland2013BFR1329,
   editor = {Norman},
   author = {Snorre Fagerland, Morten Kråkvik, Jonathan Camp, Ned Moran},
   title = {Unveiling an Indian cyberattack infrastructure - a special report},
   date = {01},
   month = May,
   year = {2013},
   howpublished = {\url{http://enterprise.norman.com/resource_center/unveiling_an_indian_cyberattack_infrastructure-a_special_report entreprise.norman.com}},
 }