Security group uncovers prolific spyware campaign originating in Lebanon
Tue 31 Mar 2015
Security firm Check Point Software has discovered a computer espionage campaign, which is thought to have originated from a government agency or political group in Lebanon, proving that sophisticated attacks are spreading beyond the world’s most powerful spying nations.
The spying programme targeted telcos and other networking groups, as well as military agencies, media organisations, and other businesses in Lebanon, Israel, Turkey and at least seven other countries. The research also uncovered infected hardware in the U.S., the UK and Canada. According to Check Point, any link to financial motives had been ruled out.
The Israeli security company has dubbed the espionage campaign Volatile Cedar, and believes it has been in operation for at least three years. The spyware has been created using bespoke software which bears some of the trademarks of politically-led campaigns. Lead researcher Shahar Tal explained that on two occasions, after the software had been identified as malicious, the malware had paused and alternative versions, which were able to avoid anti-virus mechanisms, were distributed instead.
Check Point has revealed that although the main purpose of the spyware was to steal and distribute data, the campaign was also used to erase files and execute other actions under the control of remote computers.
Tal described an unusual method deployed by the distributors to install the malware. In lieu of emailing corrupted links or attachments, the group behind Volatile Cedar attacked through the targets’ public webpages, before continuing the hack through these host computers to other networked hardware which contained more critical information.
“They are not ‘script kiddies,’ [low-skill hackers], but we have to say in terms of technical advancement, this is not NSA-grade,” said Tal. “They are not replacing hard-drive firmware,” he added, a technique seen in the spy software found recently by Kaspersky Lab.
Tal said that authorities in all the affected countries had been notified of the spyware, and suggested that hundreds of Volatile Cedar cyberespionage campaigns had been detected.