Report identifies new Asia-based hacking group

LONDON (AP) - The group thought to be behind a 2011 cyberattack on Japan's parliament is also responsible for a string of electronic break-ins at Asian defense companies, security company Kaspersky said in a report Thursday.

The Moscow-based antivirus vendor said the hackers, who hit personal computers used by Japanese lawmakers in a widely publicized attack two years ago, also stole commercial blueprints, design material, and budget documents from a string of South Korean and Japanese military contractors in the months that followed.

"They are targeting the supply chain for the bigger defense contractors," researcher Costin Raiu said in a telephone interview.

He said the speed of the break-ins _ the quickest of which ended less than an hour after the hackers began scanning their victims' computers _ and the highly selective nature of the files they stole suggested they were guns for hire.

"Our opinion is that they do it on contract," Raiu said. "They don't do it in a mass market style, selling information by the gigabyte."

Kaspersky said it was able to get an insight into the hackers by taking over some of their servers and decoding their log files, which basically serve as a running tally of which files are being stolen from whom. Kaspersky named a series of Japanese and South Korean firms as being among the group's targets, but it did not specify whether they actually had data stolen.

Kaspersky gave the group the name "Icefog," after a line of code found on one of the group's servers. As for who's behind Icefog, some mystery remains. Raiu said the attackers used Chinese characters and, in one case, appear to have inadvertently left their names in the code of one of the component pieces of their software.

But he said the group appeared to fluent in Korean and Japanese and said forensic data gathered by Kaspersky pointed to a cross-border outfit operating out of China, South Korea, and Japan. If true, it would be an interesting wrinkle given that the three countries are often thought of as commercial rivals.

"It's definitely unusual," he said.

(Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)

Top Stories

  • New Look
    The Seattle Police Department unveils new uniforms, logo

  • 'It Was My Turn'
    K.J. Wright has signed a $27 million, four-year extension with the Seahawks

  • Holiday Map
    Find holiday events, Santa photo opportunities, and light displays
ATTENTION COMMENTERS: We've changed our comments, but want to keep you in the conversation.
Please login below with your Facebook, Twitter, Google+ or Disqus account. Existing MyNorthwest account holders will need to create a new Disqus account or use one of the social logins provided below. Thank you.
comments powered by Disqus
Listen to the show
Hear GeekWire on KIRO Radio
Join Todd Bishop and John Cook weekends on KIRO Radio to talk Seattle technology.

Sign up for breaking news e-mail alerts from
In the community
Do you know an exceptional citizen who has impacted and inspired others?
KIRO Radio and WSECU would like to recognize six oustanding citizens this year. Nominate them to be recognized and to receive a $2,000 charitable grant.