Threatwatch

Spies who struck a federal cyber vendor are back -- in Japan

Cyber espionage; Software vulnerability

A group that attacked Bit9, a cybersecurity contractor supporting the U.S. government, has infiltrated computer systems belonging to popular Japanese media outlets, as well as government, high tech and manufacturing organizations in that country. A bug in Internet Explorer allowed the hackers entry, allegedly to spy on the targets and potentially on customers who visit their websites.

The intrusions, which started Aug. 19, coincide with major holidays and festivals in that part of the world, according to Kaspersky Lab. The China Moon Festival, for example, took place last week, so fewer companies were online and in a position to respond to any issues.

Security researchers at FireEye detected that some of the malicious programs inserted by the attackers connect back to a server in South Korea. They then discovered several malicious websites also pointing to the same server in South Korea, a clue that ultimately allowed FireEye to make the connection to the attack against Bit9 this year. “The same email address that registered the South Korean server also registered a domain used in the attack on the security company,” Kaspersky reported. 

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

Sector: Government (Foreign); Manufacturing; Media; Technology

Reported: September 23, 2013

Reported by: Qualys and FireEye

Number affected: Unknown

Location of breach: Japan

Perpetrators: Unknown

Location of perpetrators: Unknown

Date breach occurred: August 19, 2013

Date breach detected: September 2013