Russian Space Research Industry Targeted by Cybercriminals Possibly from Korea

The education, information and telecommunication industries are targeted as well

By on December 11th, 2012 13:10 GMT

Cyber espionage is highly common these days. To sum it all up, China is suspected of spying on the US, the US is accused of spying on France, and everyone is throwing the blame on Iran.

However, a new cybercriminal campaign, identified by experts from security firm FireEye, involves two other interesting actors: Russia and Korea.

The researchers have discovered an advanced persistent threat (APT) that targets organizations from various Russian industries, including space research, education, information and telecommunication.

It appears that the attackers are attempting to steal various pieces of sensitive information from their targets by tricking them into installing malware disguised as an innocent-looking Word document.

FireEye believes that Korea might be behind this operation for various reasons. For one, the SMTP mail and the command and control servers used by the malware are located in Korea (it’s not specified which Korea).

Furthermore, the fonts from the bait document are Batang and KP CheongPong, which are also Korean. Moreover, there are several other clues which point to the fact that the masterminds of the operation are native Korean speakers.

Comments