Global Cyber Espionage Operation Named SafeNet Discovered By Researchers

Global Cyber Espionage Operation Named SafeNet Discovered By ResearchersCyber attacks have grown world over where some are even using stealth and undetectable malware to indulge in their activities. Since there is a problem of authorship attribution for cyber attacks at International level, the origin of these cyber attacks can at best be a well analysed guess. We cannot blame a particular country or organisation with utmost certainty that it is behind the cyber attack.

Botnet are used by cyber criminals to indulge in various cyber crimes and launch numerous cyber attacks. For online advertisement industry alone, botnet have caused losses upto the extent of USD 6 millions.

Then we have spyware and keyloggers that are used by government to defeat civil liberties in cyberspace. For instance, the command and control servers of FinFisher were found in 36 countries and India is one such country. This shows that governments around the world are interested in secret spying upon their citizens. India has taken I to another level by introducing the projects like Aadhaar, National Intelligence Grid (Natgrid) and Central Monitoring System (CMS).

India has also proposed the cyber security policy that has been cleared by the cabinet committee on security. The policy, among other things, has advocated development of offensive and defensive cyber security capabilities in India. It is a mere coincidence that an Indian firm has been accused of indulging in cyber espionage of sophisticated nature though the firm has denied any such involvement.

Meanwhile, the security researchers from Trend Micro have uncovered an active cyber espionage operation that so far has compromised computers belonging to government ministries, technology companies, media outlets, academic research institutions and nongovernmental organisations from over 100 countries. The operation, which Trend Micro has dubbed SafeNet, targets potential victims using spear phishing emails with malicious attachments. The company’s researchers have investigated the operation and published a research paper (PDF) with their findings.

The investigation uncovered two sets of command-and-control (C&C) servers used for what appear to be two separate SafeNet attack campaigns that have different targets, but use the same malware. The malware installed on the infected computers is primarily designed to steal information, but its functionality can be enhanced with additional modules.

The operators of the C&C servers accessed them from IP addresses in several countries, but most often from China and Hong Kong. The researchers also found use of VPNs and proxy tools, including Tor, which contributed to the geographic diversity of the operators’ IP addresses.