- Apr 25, 2013
- 5,355
Smartphone users from government, finance and engineering hit with malware payload.
Hackers are exploiting cloud infrastructure to launch cyber-attacks against governments and financial groups, according to the security company Blue Coat.
Users of Apple, Android and Blackberry devices were all targeted by the advanced persistent threat(APT) researchers have named Inception, which focuses on those working for embassies, military agencies and engineering firms, among other industries.
Snorre Fagerland and Waylon Grange, security researchers at Blue Coat, said: "The framework is notable for a number of reasons, including its use of a cloud-based infrastructure for command and control, and its use of the WebDAV [collaboration] protocol to send instructions and receive exfiltrated information from compromised systems."
To gain access to the phones attackers exploited bugs in the Rich Text Format (RTF), a legacy document format, with malware payloads customised to suit all three smartphone operating systems.
Fagerland and Grange added that the operational security used by the hackers to protect themselves was "among the best we have seen", adding that the "convoluted network of router proxies and rented hosts" seemed "almost excessively paranoid".
Initial attacks appear to be focused on Russia and other Eastern European countries through abuse of the storage service CloudMe, but Blue Coat expects it to travel further afield and exploit other services.
"It is clear that this infrastructure model does not need to be applied solely against a few targets, or even need to be hosted at CloudMe," Fagerland and Grange said. "The framework is generic, and will work as an attack platform for a multitude of purposes with very little modification."
While Blue Coat thought it unlikely the attacks were performed by a few individuals, it could not confirm whether the APT was backed by a state, as evidence obtained was inconclusive.
Hackers are exploiting cloud infrastructure to launch cyber-attacks against governments and financial groups, according to the security company Blue Coat.
Users of Apple, Android and Blackberry devices were all targeted by the advanced persistent threat(APT) researchers have named Inception, which focuses on those working for embassies, military agencies and engineering firms, among other industries.
Snorre Fagerland and Waylon Grange, security researchers at Blue Coat, said: "The framework is notable for a number of reasons, including its use of a cloud-based infrastructure for command and control, and its use of the WebDAV [collaboration] protocol to send instructions and receive exfiltrated information from compromised systems."
To gain access to the phones attackers exploited bugs in the Rich Text Format (RTF), a legacy document format, with malware payloads customised to suit all three smartphone operating systems.
Fagerland and Grange added that the operational security used by the hackers to protect themselves was "among the best we have seen", adding that the "convoluted network of router proxies and rented hosts" seemed "almost excessively paranoid".
Initial attacks appear to be focused on Russia and other Eastern European countries through abuse of the storage service CloudMe, but Blue Coat expects it to travel further afield and exploit other services.
"It is clear that this infrastructure model does not need to be applied solely against a few targets, or even need to be hosted at CloudMe," Fagerland and Grange said. "The framework is generic, and will work as an attack platform for a multitude of purposes with very little modification."
While Blue Coat thought it unlikely the attacks were performed by a few individuals, it could not confirm whether the APT was backed by a state, as evidence obtained was inconclusive.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
