22 March 2013

TeamSpy snooped on governments, big biz undetected for 10 years


Computer security researchers say they have uncovered a decade-long espionage campaign against governments, businesses and human-rights activists in Eastern Europe and beyond.

We're told the spying operation was partially pulled off by subverting TeamViewer - a legitimate tool for remotely controlling computers and holding meetings online. The snoopers installed the software on victims' Windows PCs and modified the code's behaviour with DLL hijacking to open a backdoor on the compromised machines. This successful tactic earned the campaign the nickname of TeamSpy and kept the hacking crew under the radar for years.
The researchers, who are based at the Laboratory of Cryptography and System Security (CrySyS Lab), said the spying team also used custom-built malware in days gone by.
......

"The campaigns are a mix of targeted attacks and conventional cyber-crime activities, for example, banking crime operations such as the Sheldor campaign."
CrySyS Lab reckoned the attacks are the work of a small and technically skilled team that has grown more sloppy over the years as complacency set in.

.....
TeamSpy's modus operandi is similar to the approach taken by the hackers behind the earlier Red October attack, although the two operations are not thought to be directly linked. The TeamSpy crew usually roped in victims using so-called waterhole attacks based on planting malicious code on websites frequently visited by people working at targeted organisations. That attack code was also injected into advertising networks that ran across the targeted regions.

A detailed technical analysis by Kaspersky Lab of TeamSpy can be found here [PDF]. ®

....


Click here to read more ....

No comments:

Post a Comment