Spyware used for cyber espionage against German company for over a decade

Spyware used for cyber espionage against German company for over a decade

אילוסטרציה

This post is also available in: heעברית (Hebrew)

Illustration
Illustration

Espionage infrastructure planted in the computers of over 300 institutions, companies and government bodies in Germany, Austria and Switzerland for over a decade was recently discovered by an Israeli data security company. The company’s CEO uncovers the details for the first time in an exclusive interview for i-HLS.

Cyber attacks on organizations great and small is hardly unusual, but the extent and the depth of the malware and spyware planted in the computers of an undisclosed major German company came as a surprise even to industry pundits.

Following a routine installation of the Israeli company’s data security system in a number of computers in a German company with strategic information vis-à-vis the German government, and in particular the computer of one of the company’s top officials, two Trojan horses were identified, belonging to the same assailant.

Follow up scans of the company’s other mainframes revealed the staggering extent to which the company’s computers had been compromised for over a decade. It turns out that as early as 2002, over 800 straw companies had been established, acquiring domains and SSL certificates for the purpose of masking the cyber attacks by posing as legitimate internet services with German IP addresses. This was used to carry the attacks out from seemingly benign ports which seemed credible. Another difficulty in locating the source of the attack and its course was posed by the use of Trojan horses with different signatures. These are known as “polymorphic Trojan”.

The hackers succeeded in identifying key company figures and infiltrate their personal computers, along with the company’s internal networks, thereby gaining absolute control of the most sensitive database and pumping their contents without any problem for about 12 years. Traces of the primary cyber attack have been found in numerous other companies in Europe, so they may have been the victims of the same attack.

CYBERTINEL CEO Koby Ben Naim refused to comment on the identity of the hackers who perpetrated this cyber attack, whether they were members of a huge criminal organization or operatives from a foreign nation.

iHLS Israel Homeland Security

When asked by i-HLS about the system’s configuration, CEO Koby Ben Naim explained that “unique and dedicated “Agents” (bits of software used as traps or monitors, D.L, i-HLS desk), are installed either by CYBERTINEL or automatically by the system at each end point, in all the PCs, servers, databases and mail servers. These “agents” constantly report to CYBERTINEL dedicated server about known and anticipated phenomena and events in the network. These are summarily analyzed based on mathematic algorithms. The system knows how to “peel off” any encryption and examine the contents of the data, thereby achieving greater control over malware which attempt to infiltrate the organization’s computer network”.

Such a deep and significant infiltration into the attacked company’s computer network has enabled the hackers to establish further cyber attacks on companies and government bodies the company had been in connection with. All this was done under the guise of legitimate systems. This allows the hackers to control practically countless computer networks worldwide.

In practical terms, the cyber attack of the German company is estimated to have cost millions of Euros. The hackers carried it our undisturbed for over a decade. All this time, the British authorities failed to associate the 800 straw companies that had been launched and shut down with a threat that could also have come from an an enemy county or a terrorist organization.