Cybersecurity experts zone in on 'Lucky Cat' espionage campaign

Computer security experts are zeroing in on what they have called an advanced persistent threat (APT) seeking to spy on at least 90 international targets.

 

Trend Micro said the cyber-espionage campaign, dubbed "Lucky Cat," has been active since June 2011, and uses variety of methods.

 

"Not only did the Lucky Cat perpetrators target military research in India as reported, they expanded the attacks to hit other sensitive entities in Japan, as well as India, including heavily targeted Tibetan activists," Trend Micro said.

 

According to Trend Micro, the perpetrators target industries and communities including aerospace, energy, engineering, shipping, military research, and Tibetan activists.

 

It added the perpetrators used or hosted malware such as ShadowNet, Duojeen, Sparksrv, and Comfoo.

 

The attackers behind the Lucky Cat campaign maintain several command-and-control infrastructures and use anonymity tools to throw law enforcers off their scent, it added.

 

'Advanced persistent threats'

 

Myla Pilao, Trend Micro's director for Core Technology Marketing, said individual targeted attacks are not one-and-done attempts.

 

"Attackers continually try to get inside the target’s networks. They are truly persistent in that sense. We in the industry are calling them advanced persistent threats or APTs because of their level of sophistication and how they are seemingly unrelenting in their focus,” said 

 

Trend Micro said Lucky Cat is considered an APT, a category that aggressively pursues and compromises specific targets to maintain a persistent presence within the victim’s network so they can extract data.

 

Unlike indiscriminate cybercrime attacks, spam, and web threats, APTs are much harder to detect because of the targeted nature of related components and techniques.

 

And unlike cybercrime that focuses on stealing credit card and banking information to gain profit, APTs are better thought of as cyber espionage.

 

Malware identified with the other APTs like ShadowNet, Duojeen, Sparksrv, and Comfoo campaigns were used or found hosted on the same dedicated server used by the LuckyCat campaign.

 

But Pilao said Trend Micro offers Deep Discovery that provides visibility, insight and control over networks necessary to defend these against targeted threats. — TJD, GMA News