Cyber espionage
2012-05-17
Net security analysts warned on Tuesday that foreign policy and civil rights web sites are being booby-trapped by hackers in what appears to be cyber espionage. As of Monday, internet sites for Amnesty Global HK, the Cambodian Ministry of Foreign Affairs and the US Center for Defense Info (CDI) remained rigged to slip "hostile" code onto visitors' PCs, according to the Shadowserver Foundation, which is dedicated to tracking and reporting Net threats.
"These assailants aren't spreading spyware through strategically compromised sites to make friends," Shadowserver analysts Steven Adair and Ned Moran warned in a blog article. "They are trying to expand their access and swipe data." Information sometimes sought included messages, intellectual property, research, and business intelligence like contracts and talks, according to security experts.
"The CDI web site is at present serving up an evil Flash exploit that ties back to assailants known to become involved in cyber espionage," the analysts asserted. "This threat group appears to show interest in targets with a tie to foreign policy and defense activities."
Recently, Shadowserver saw a variety of "strategic Web compromises" exploiting flaws in Oracle Java and Adobe Flash programs. The strategy is called a "drive-by" attack by PC security experts because people's PCs are silently infected when they visit a legitimate web site, unaware that it has been booby-trapped by hackers.
A domain for the World Institute of Counter-Terrorism at the Interdisciplinary Center in Herzliya, Israel, was listed among those compromised by hackers. Shadowserver said that it began looking into the hacks after analysts at Websense reported last week that the main page of Amnesty Global UK had been rigged with drive-by spyware. There are signs that an internet site for the North American Research Center in Egypt was temporarily compromised last week in a way similar to the CDI page hack, according to Shadowserver.
Earlier in the month, the Centre for EU Policy Studies site at ceps.eu was similarly compromised, according to the volunteer-based Web security group. Shadowserver referred to the hacks as "advanced persistent threats," a term used in the industry to refer to cyber espionage by groups such as states.