Researchers from Cylance have outlined a sustained 5-year APT campaign targeting Japanese Critical Infrastructure using dynamic DNS domains and customized backdoors. The attacks have also occurred in the US, South Korea, and Europe. The campaign used custom Android backdoors in 2015 with a Trojan forwarded by SMS messages, and later through specific files, from infected devices to C&C servers. Tim Erlin, Director of IT Security and Risk Management at Tripwire have teh following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
“The more connected our critical infrastructure becomes, the more attractive a target it is for cyber attacks.
Industrial Control Systems and traditional IT systems are converging, giving attackers new avenues for accessing everything from the electric grid to the plant floor. Information security simply hasn’t kept up with the threat to ICS.
The analysis of this threat is very long on technical details, but short on objectives and motivations. It remains unclear what this group is after, or why they shifted their focus to concentrate on Japanese critical infrastructure.”[/su_note]
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
