Russian Attackers Hijack Japanese Industrial and Accounting Websites

Web Services // Osaka, Japan

A security researcher who happened to be visiting Japan noticed, while reviewing suspicious websites, that Russian hackers had breached one of the country’s industrial sites.

Among a collection of malware logs was a Japanese-looking domain name (kyokutou-tikka.com) that was pointing to a malicious online network.

“Sure enough, it was the site for a Japanese industrial company that specializes in metal treatment,” said Chris Larsen, a researcher at U.S.-based Blue Coat Systems.

The metal treatment site was directing traffic to a second Japanese site (yamateru.info), which belongs to a small accounting business. That second site, in turn, pointed to the malicious domain gold.ecoexampledomain.com.

“Both Japanese sites live on the same server,” Larsen said.

The root cause of the website hijackings apparently was an assault by Russian computers on that one server.

Gold.ecoexampledomain.com “was living on a server located in Russia . . . which is fitting, since I'm pretty sure that the group running it is Russian, although they move around a lot,” Larsen said.