Spies who struck a federal cyber vendor are back -- in Japan

A group that attacked Bit9, a cybersecurity contractor supporting the U.S. government, has infiltrated computer systems belonging to popular Japanese media outlets, as well as government, high tech and manufacturing organizations in the foreign country. A bug in Internet Explorer allowed the hackers entry, allegedly to spy on the targets and potentially customers who visit their websites.

The intrusions, which started Aug. 19, coincide with major holidays and festivals in that part of the world, according to Kaspersky Lab. The China Moon Festival, for example, took place last week, so fewer companies were online and in a position to respond to any issues.

Security researchers at FireEye detected that some of the malicious programs inserted by the attackers connect back to a server in South Korea. They then discovered several malicious websites also pointing to the same server in South Korea, a clue that ultimately allowed FireEye to make the connection to the attack against Bit9 this year. “The same email address that registered the South Korean server also registered a domain used in the attack on the security company,” Kaspersky reported. 

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.