‘Icefog’ hackers target world’s weapons suppliers

WASHINGTON – A new cyber-theft ring from Asia is committing a string of smash-and-grab-style attacks against suppliers to major military contractors.

This isn’t just any hacker crew; its targeting of defense subcontractors means it could easily undermine the integrity of the world’s weapons.

This new crew, dubbed Icefog by Kaspersky Lab, is small and nimble, and it appears to know exactly what it wants to steal from its victims.

Unlike some other advanced hacker outfits that linger on victims’ networks for months or years after gaining access, the Icefog crew doesn’t stick around waiting to get caught.

“They will infiltrate an organization. They know exactly what they are looking for, pull it out, and as soon as they complete their assignment they move on – they actually clean things up and move on,” said Kurt Baumgartner, a security researcher with Kaspersky, during a speech in Washington this week.

Kaspersky researchers think the people behind Icefog are based in China, South Korea and Japan.

Icefog has attacked several hundred victims – everything from TV stations, satellite operators, maritime logistics firms and communications businesses to defense contractors and shipbuilders, according to Kaspersky.

Most of the victims are in South Korea and Japan, but victims have been found everywhere from China to Belarus. There are also “strong suggestions that there were Western targets, including the U.S.,” said Baumgartner.

The crew steals “sensitive documents and company plans, email account credentials and passwords to access various resources inside and outside the victim’s network,” reads Kaspersky’s news release.

“They look for specific filenames, which are quickly identified, and transferred to” Icefog, according to the release.

Most alarming are the crew’s attacks against smaller parts suppliers to major defense contractors.

Icefog’s hackers could break into the poorly defended network of a defense subcontractor and plant destructive malware inside its products before they are placed in a weapon such as a fighter jet.

This past July, David Shedd, deputy director of the U.S. Defense Intelligence Agency, warned that foreign intelligence agencies are trying to do exactly that to American military suppliers.

“Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt” U.S. military operations, said Shedd.

Making things worse is that the United States doesn’t have a true understanding of how vulnerable its supply chain is to this style of attack.

“I’m generally an optimist, [but] in the supply chain area, I’m very concerned,” said Shedd, given that he doesn’t truly know the full extent of adversary penetration into Defense Department weapons systems.

“You don’t know what you don’t know, and the old adage of the weakest link is obviously what we need to be concerned about,” he said.

That’s exactly the link Icefog is pounding. Baumgartner said the small, well-funded crew of “cyber-mercenaries” develops new attack techniques for each target.

This makes Icefog incredibly hard to track: researchers struggle to connect individual attacks to one another before it is too late.