Cyber espionage campaigns against the mining industry are largely geared towards ensuring interest groups have access to the latest technical knowledge and intelligence so they can maintain competitive advantage and thrive in the global commodities market. In this blog post, we illustrate this pattern with the case of the attacks involving the Potash Corporation. By doing so, we will be able to identify the motivations and goals of attackers targeting a key mining company.Read More
Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States.Read More
April last year, Pawn Storm reportedly compromised computers of the German Bundestag using data-stealing malware. This was the first documented political attack of Pawn Storm against Germany. One year later, this espionage actor group takes a swing once again.
In April 2016, we discovered that Pawn Storm started a new attack against the German Christian Democratic Union (CDU), the political party of the Chancellor of Germany, Angela Merkel.
The attack consisted of seemingly coordinated credential phishing attacks against the CDU and high profile users of two German freemail providers. A fake corporate webmail server of CDU was set up in Latvia for advanced credential phishing. Around the same time, three domains were created for credential phishing targeting high-profile individual users of two German free webmail providers. The main fake webmail server of CDU was set up in Latvia, but the free webmail credential phishing sites are on servers of the Virtual Private Server provider in the Netherlands we have discussed previously.Read More