Using classic guerrilla tactics, they hit hard and fast and then, just as quickly, they're gone. They get into a computer system, quickly spot what they want, grab it and then get out, cleaning up as they leave to make it harder to detect they were ever there. They've been given the name "Icefog."
This new crew, dubbed Icefog by Kaspersky Lab, is small and nimble, and it appears to know exactly what it wants to steal from its victims. Unlike some other advanced hacker outfits that linger on victims' networks for months or years after gaining access, the Icefog crew doesn't stick around waiting to get
"They will infiltrate an organization. They know exactly what they are looking for, pull it out, and as soon as they complete their assignment they move on -- they actually clean things up and move on," said Kurt Baumgartner, a security researcher with Kaspersky, during a speech in
The crew steals "sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim's network," reads Kaspersky's press release. "They look for specific filenames, which are quickly identified, and transferred to" Icefog.
Most alarming are the crew's attacks against smaller parts suppliers to major defense contractors. Icefog's hackers could break into the poorly defended network of a defense subcontractor and plant destructive malware inside its products before they are placed in a weapon such as a fighter jet.
This "creates a lot of problems because not only is there potential for economic espionage ... there's the chance for low-scale sabotage with destructive attacks that bring a whole new set of challenges," said
adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said [David] Shedd, [deputy director of the U.S. Defense Intelligence Agency].
Stealing secrets is one thing. It's long been known that the Chinese have hacked design information and millions of lines of code from F-35 programme contractors. It's believed a lot of this stolen data went straight into the design of China's own new stealth fighters.
Implanting undetected malware could be the greater threat. Most military hardware today is heavily software-dependent. Infecting it with 'sleeper' malware that can prevent its proper operation when needed is every bit as effective as destroying it with firepower. It's also super cost-effective. It's believed the Chinese are working on ways to transmit malware code into the F-35 while it's airborne. Why bother shooting it down if you can seize control of it and force it to crash?