By Brian Prince on October 22, 2014

 

Researchers at Trend Micro today released a paper on a cyber-espionage operation targeting military, government and media organizations around the world.

 

The group behind the operation is believed to have been active since at least 2007 and continues to launch new campaigns against targets throughout the world, including the United States. In June 2014 they compromised government websites in Poland and last month infected the website for Power Exchange in Poland as well.  

 

"The cyber criminals behind Operation Pawn Storm are using several different attack scenarios: spear-phishing emails with malicious Microsoft Office documents lead to SEDNIT/Sofacy malware, very selective exploits injected into legitimate websites that will also lead to SEDNIT/Sofacy malware, and phishing emails that redirect victims to fake Outlook Web Access login pages," explained Trend Micro Senior Threats Researcher Jim Gogolinski.

 

"Our investigation into Pawn Storm has shown that the attackers have done their homework," he added. "Their choices of targets and the use of SEDNIT malware indicate the attackers are very experienced; SEDNIT has been designed to penetrate their targets’ defenses and remain persistent in order to capture as much information as they can."

 

Full Article