Hackers target the German Bundestag and Turkish diplomats

July 25, 2017

Security researchers today said they have discovered a group of hackers that has targeted the German Bundestag and some Turkish diplomats with the aim of causing mischief.

The cyber attack gang is identified as 'CopyKittens' and has already attacked various government departments in Germany, a few security and academic institutions, numerous websites in Germany and Turkey, as well as some United Nations employees.

But CopyKittens has been around for the past four years. The group has also targeted various organizations in Saudi Arabia, Israel and Jordan since mid-2013.

Government institutions, defence companies, sub-contractors and large IT companies are also among the most targeted organizations, the researchers asserted.

A report on the group is co-authored by ClearSky, an Israeli cyber-intelligence firm, and Trend Micro. It reports how various members of the German Bundestag were seriously compromised by a 'watering hole-style' cyber attack run by the group.

In another, similar case, a malicious email was sent from a breached account of an employee in the Ministry of Foreign Affairs in the Turkish Republic of Northern Cyprus, trying to leverage trust in the supposed source of the email in a bid to infect multiple targets in other government organizations worldwide.

In another related security incident, a document likely stolen from the Turkish Ministry of Foreign Affairs was used as a decoy.

Various embassies in Israel have also been targeted by the group, as well as foreign embassies outside Israel. Fake Facebook profiles (some active for years) have also been used to spread malicious links and help build some trust.

Other tactics included breaching exposed webmail accounts, among other mischief. Additionally, it appears that the group has developed its own bespoke hacking tools. These include TDTESS backdoors; Vminst, a lateral movement tool; and NetSrv, a Cobalt Strike loader.

CopyKittens also uses Matryoshka v1, a self-developed remote access trojan that's been around since at least March of this year. The group also makes some use of commercially available pen-testing tools such as Cobalt Strike and Metasploit, among others.

"You need to be aware that CopyKittens is very persistent, despite lacking technological sophistication and operational discipline," according to ClearSky. "However, those characteristics cause it to be relatively noisy, making it easy to find, monitor and apply counter measures relatively quickly."

Previous research on CopyKittens done last month also accused the group of kinky OpSec practices, among others.

The group is very malicious and seems to be escalating its various tactics. Neither ClearSky nor Trend Micro speculates about the identity of CopyKittens, but based on the various targets and their social media shenanigans, Iran, Russia and China could be suspects, depending on who you ask.

Source: ClearSky and Trend Micro.

Copyright © Internet Security.ca