Pawn Storm: Attackers Target MH17 Investigators, Syrian Rebels

In my recent posting on Pawn Storm, I said that we can expect Pawn Storm attacks to continue. Our researchers have shown this to already be the case.

Thanks to new information from our Forward Looking Threat Research Team (FTR), we can report that Pawn Storm attackers have targeted the Dutch Safety Board (DSB, also known as Onderzoeksraad) investigating the Malaysian Airlines Flight 17 (MH 17) crash.

MH 17 crashed in eastern Ukraine on July 17, 2014 killing all 283 passengers and 15 crew.

Because the flight originated in Amsterdam, the Dutch Safety Board took charge in the investigation. On October 13, 2015 they released their final report.

Our investigation shows what we believe to be another sophisticated attack by Pawn Storm threat actors targeting the DSB. Like other Pawn Storm attacks, this attack was sophisticated, this time attacking a virtual private network (VPN) server as well as an SFTP server. These were carried out on October 14, 2015, one day after the release of the final report. The attackers also used another spoofed Outlook Web Access (OWA) server in an attempt to phish credentials from a DSB partner. Fortunately that attack failed, thanks to our efforts.

This isn’t the only activity we’ve seen recently. Our researchers have also tracked attacks by Pawn Storm against Syrian opposition group members in exile recently, as well as defense and diplomatic targets of Arab countries critical of Russian intervention in Syria.

This is further evidence that Pawn Storm is very active with a very sophisticated ongoing campaign warranting continued heighted vigilance by everyone, but especially other potential targets.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

from Trend Micro Simply Security http://ift.tt/1GXfI2c
via IFTTT