Researchers from Cylance have outlined a sustained 5-year APT campaign targeting Japanese Critical Infrastructure using dynamic DNS domains and customized backdoors. The attacks have also occurred in the US, South Korea, and Europe. The campaign used custom Android backdoors in 2015 with a Trojan forwarded by SMS messages, and later through specific files, from infected devices to C&C servers. Tim Erlin, Director of IT Security and Risk Management at Tripwire, has the following comments on it.
Tim Erlin, Director of Security and Product Management at Tripwire:
“The more connected our critical infrastructure becomes, the more attractive a target it is for cyber attacks.
Industrial Control Systems and traditional IT systems are converging, giving attackers new avenues for accessing everything from the electric grid to the plant floor. Information security simply hasn’t kept up with the threat to ICS.
The analysis of this threat is very long on technical details, but short on objectives and motivations. It remains unclear what this group is after, or why they shifted their focus to concentrate on Japanese critical infrastructure.”