Pawn Storm operators believed to be behind the attack

Jun 10, 2015 07:51 GMT

Technical details regarding the hacking of French broadcaster TV5Monde point to assailants hailing from Russia, with ties to the government, according to security experts analyzing a restricted document.

TV5Monde lost control of its entire network in April: its antennas were paralyzed and broadcasting was halted on all 11 of its channels, which are received in more than 200 countries.

The attackers, who identified themselves as the CyberCaliphate division of ISIS, also gained access to the broadcaster’s social media accounts (Facebook and Twitter) and its website. They left messages glorifying Sharia law and threatened French soldiers involved in the fight against ISIS.

Malware came from server in Brazil

All evidence pointed to jihadists, but French newspaper L’Express obtained from the French Network and Information Security Agency (ANSSI) a document with details about the attack that would suggest otherwise.

The information was passed to security company Trend Micro, which determined that the malware was downloaded from a server in Brazil and that the modus operandi of the threat actor closely resembles that of “Pawn Storm,” a group of hackers in Russia believed to be sponsored by the government in Moscow.

Among the clues leading to this conclusion are the fact that the code was written on a Cyrillic keyboard and that the compilation times of the malicious programs fit working hours in St. Petersburg.

Finding the culprit is not easy

Attribution is a difficult task, and unless there is more solid evidence to reveal the threat actor, there is a good chance the conclusion is erroneous.

Although it does not make sense for Russian hackers to put the blame on ISIS, this cannot be excluded. However, malware pieces can circulate from one group to another, and spear-phishing, which was used in the case of TV5Monde, remains the most prevalent method of intrusion.

Sending well-crafted emails to a key person to lure them into downloading malware requires good knowledge of the target’s interests and activities.

Advanced attackers, like those behind Pawn Storm, spend time looking for details about the victim in order to make sure that the bait is taken.