A small webhosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today we counted over 100 serious APT incidents that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally the Virtual Private Server (VPS) hosting company is registered in Dubai, United Arab Emirates (UAE). But from public postings on the Internet, it is apparent that the owner doesn’t really care about laws in UAE. In fact, Pawn Storm and another APT group, attacked the government of UAE using servers of the VPS provider through highly targeted credential phishing. Other threat actors like DustySky (also known as the Gaza hackers) are also regularly using the VPS provider to host their Command and Control (C&C) servers and to send spear phishing e-mails.Read More
Senior Threat Researcher
Pawn Storm, the long-running cyber espionage campaign, added to its long list of targets several government offices (including the office of the prime minister and the Turkish parliament) and one of the largest newspapers in Turkey. Pawn Storm has been known to attack a diverse list of targets–including armed forces, diplomats, journalists, political dissidents, and software developers.Read More
Pawn Storm has a long history of targeting government agencies and private organizations to steal sensitive information. Our most recent findings show that they targeted the international investigation team of the MH17 plane crash from different sides.
The Dutch Safety Board (known as Onderzoeksraad) became a target of the cyber-espionage group before and after the safety board published their detailed report on the MH17 incident on October 13, 2015. We believe that a coordinated attack from several sides was launched to get unauthorized access to sensitive material of the investigation conducted by Dutch, Malaysian, Australian, Belgian, and Ukrainian authorities.Read More
Why would Pawn Storm, the long-running cyber-espionage campaign, set its sights on a Russian punk rock group? Sure, Pussy Riot is controversial. Members of the feminist band had previously been thrown in jail for their subversive statements against the Orthodox Church and Russian patriarchal system. But why would attackers have any interest in them? What…Read More
Long-running APT campaign Operation Pawn Storm has begun the year with a bang, introducing new infrastructure and zeroing in on targets including North Atlantic Treaty Organization (NATO) members and even the White House. This is according to the latest intelligence gleaned from Trend Micro’s ongoing research into the attack group, and comes as a follow-up…Read More