A massive cybercrime network which penetrated hundreds of blue-chip companies, Government institutions, research laboratories and critical infrastructure facilities was facilitated for 12 years by the incorporation of over 800 false companies registered in the UK.
According to research by Cybertinel, the espionage system was traced back to over 800 front companies registered in UK and to German individuals who operated the espionage network.
Named the ‘Harkonnen Operation’, the network performed numerous targeted penetrations on over 300 organisations and planted Trojans in specific workstations in the organisations, gaining access to sensitive confidential documents and information and silently siphoning them to the organisations who ordered the attack.
It reported that the organisation invests tens of thousands of Euros every year installing and maintaining IT security systems and tools. Those behind it are described as “very skilled” who work according to the latest security standards and threat warnings.
Also, a lack of interest in British firms in purchasing SSL security certificates were exploited by the network, enabling them to create pseudo legitimate internet service names and use them to camouflage their fraudulent activity.
Jonathan Gad of Elite Cyber Solutions, Cybertinel’s UK partner, said: “The network exploited the UK’s relatively tolerant requirements for purchasing SSL security certificates, and established British front companies so they could emulate legitimate web services. The German attackers behind the network then had total control over the targeted computers and were able to carry out their espionage undisturbed for many years.
“At this point, we are aware of the extent of the network, but the damage to the organisations who have been victims in terms of loss of valuable data, income or the exposure of information related to employees and customers is immeasurable.”
The ‘Harkonnen Operation’ began on 14th June 2013 using spear phishing messages which carried two Trojan variants. Once installed, hundreds of domain names, IP addresses and Wildcard certificates were acquired on behalf of these front companies at an estimated expense of $150,000 to camouflage fraudulent activity as legitimate services.
Mark Sparshott, EMEA director at Proofpoint, said: “Cybertinel’s report confirms yet again that spear-phishing is the weapon of choice for targeted attacks and, most worryingly, that they breeze through email and web gateways, next-generation firewalls and multiple anti-virus layers completely undetected.
“There are new technologies designed specifically to protect against spear-phishing, longlining attacks and other advanced email attacks. So it is high time that senior executives, who are often targeted, ask their security teams why they are not using these additional technologies in the face of such a clear risk and obvious hole in their security.”