Comprehensive analysis details activities against Germany, Turkey, Saudi Arabia, United States & Israel
A new report on the group known as “CopyKittens” details its increased activity in support of its political ambitions. The report is co-authored by ClearSky and Trend Micro.
CopyKittens, which has been active since 2013, recently targeted government, security and academic institutions, and websites in Germany and Turkey as well as United Nations’ employees and organizations in Saudi Arabia, Israel and Jordan.
In an incident detailed in the report, members of the German Bundestag were compromised by watering holes positioned within several legitimate websites that were hacked and linked to harmful third-party sites. Another incident cited explains how a Turkish diplomatic institution was hacked and used as a cover to launch a massive spear phishing campaign, with victims receiving a highly targeted message from a legitimate, known source.
CopyKittens is very persistent, despite lacking technological sophistication and operational discipline. These characteristics, however, make the group relatively noisy, so it is easy to find and monitor, and countermeasures can be applied relatively quickly.
The group has independently developed several new hacking tools. They also use commercially available hacking tools such as Cobalt Strike and Metasploit, which are generally used for penetration testing and thus allow them to stay under the radar.
The extensive report details how its experts gained intimate access to the group’s activity, methods, tools and infrastructure. They have shed new light on the operations and priorities of the intelligence organization operating the group.
“We’ve been tracking CopyKittens for four years and have become very intimate with its operations,” says Boaz Dolev, CEO, ClearSky Cyber Security. “Our analysis gives indications about the group’s political motivations. Analyzed within this context, these attacks deliver fresh insights,” concluded Dolev.
The report can be accessed via the ClearSky blog (www.clearskysec.com/tulip) and the Trend Micro blog (http://blog.trendmicro.com/copykittens-exposed-clearsky-trend-micro/).
About ClearSky
ClearSky provides custom-tailored comprehensive cybersecurity defense, including cyber intelligence, strategic security consulting and security project development and implementation to financial institutions, government entities and critical infrastructure companies. Clients include major utility companies in the United States, Scotland, Spain, and Israel, as well as many key governmental, industrial and financial institutions in Israel. For more information, visit www.clearskysec.com.
About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 5,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit www.trendmicro.com.