Thursday, September 26, 2013

IceFog - The New Gang of Asian Hackers

Using classic guerrilla tactics, they hit hard and fast and then, just as quickly, they're gone. They get into a computer system, quickly spot what they want, grab it and then get out, cleaning up as they leave to make it harder to detect that they were ever there. They've been given the name "IceFog."

This new crew, dubbed Icefog by Kaspersky Lab, is small and nimble, and it appears to know exactly what it wants to steal from its victims. Unlike some other advanced hacker outfits that linger on victims' networks for months or years after gaining access, the Icefog crew doesn't stick around waiting to get caught.

"They will infiltrate an organization. They know exactly what they are looking for, pull it out, and as soon as they complete their assignment they move on -- they actually clean things up and move on," said Kurt Baumgartner, a security researcher with Kaspersky, during a speech in Washington today.

The crew steals "sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim's network," reads Kaspersky's press release. "They look for specific filenames, which are quickly identified, and transferred to" Icefog.

Most alarming are the crew's attacks against smaller parts suppliers to major defense contractors. Icefog's hackers could break into the poorly defended network of a defense subcontractor and plant destructive malware inside its products before they are placed in a weapon such as a fighter jet.

This "creates a lot of problems because not only is there potential for economic espionage ... there's the chance for low-scale sabotage with destructive attacks that bring a whole new set of challenges," said Baumgartner.

"Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said [David] Shedd, [deputy director of the U.S. Defense Intelligence Agency].

Stealing secrets is one thing. It's long been known that the Chinese have hacked design information and millions of lines of code from F-35 programme contractors. It's believed a lot of this stolen data went straight into the design of China's own new stealth fighters.

Implanting undetected malware could be the greater threat. Most military hardware today is heavily software-dependent. Infecting it with 'sleeper' malware that can prevent its proper operation when needed is every bit as effective as destroying it with firepower. It's also super cost-effective. It's believed the Chinese are working on ways to transmit malware code into the F-35 while it's airborne. Why bother shooting it down if you can seize control of it and force it to crash?

1 comment:

Anonymous said...

Do not expose sensitive information to the internet. If you must, then do not use proprietary operating systems and software (e.g. Apple, Microsoft etc.).