Threat Alert! New Group Adopts New Hacking Tools and Your Enterprise Data Storage is the Target
by Andrew Mullen on June 20, 2016
Move over, Anonymous, there's a new hacking group in town. A Russian group, which is known by the moniker Pawn Storm and sometimes also called Sofacy, is emerging as yet another cyber espionage group to be wary of. They are most notable for using zero-day and backdoor techniques for infiltrate defense contractors, but their activities aren't limited to those organizations. Though they may have been in operation in some capacity since as early as 2007, they only began to receive high-level attention in the past couple of years. According to researchers with Kapersky Lab, the group's activities have increased by tenfold over previous years. Their actions have been felt across governments, security and military agencies, and other interests, most of which would either directly or indirectly benefit Russia.
How Pawn Storm Does Their Thing
Pawns can be deceptively deadly. Is a Storm headed your way?
One of their most recent tactics involves targeting "air gaps". Air gaps are used by various enterprise data storage professionals to create a buffer between the dangers of the Internet and secure data stores. These data stores are deliberately left offline for security purposes, but it is common for workers to copy and store this data on USB drives. Pawn Storm has developed malicious software capable of detecting and stealing the information off of these USB devices, thereby compromising data protected by such air gaps.
Pawn Storm is also notable for their use of other malware, particularly high-level phishing emails, designed to divert the user to a spoof website (such as one that looks like the online version of Outlook) in order to steal their login credentials.
According to cyber security specialists with Kaspersky Lab, Pawn Storm has been actively engaged in an ongoing attack against multiple defense contractors since last August. They have been utilizing a newly developed version of a backdoor application called AZZY, along with a brand new collection of data theft modules, which are used to conduct the air gap attacks on USB devices where the enterprise data storage is offline.
Pawn Storm, unfortunately, joins the ranks of other hacking groups using similar techniques, most notably Equation and Flame. Pawn Storm has also targeted multiple zero-day vulnerabilities, including those discovered in Office and Java. Cyber security experts warn that these are highly-trained hackers with sophisticated tools and techniques, backed by considerable funding.
What Makes an Organization a Target?
Pawn Storm joins the ranks of cyber espionage and terrorist groups like Anonymous, Flame, and Equation.
For now, the group seems primarily politically motivated. Those with business, financial, or military interests that might be seen as opposed to the interests of Russia are most likely to be targeted by this particular group. For instance, any company working with groups or companies in Ukraine should be particularly cognizant of Pawn Storm's tactics and activities. Media personalities have also found themselves in the crosshairs of these cyber terrorists.
How You Can Keep Your Enterprise Data Storage Safe
If this sounds like your business or organization, what can you do?
• Improve user training on identifying phishing attacks.
• Improve user training on the concepts and techniques of credential phishing.
• Improve user awareness and understanding of malicious iFrames (in environments where Apple products are in use).
The best way to protect against the activities of Pawn Storm and other such hacking and cyber terrorist groups is to centralize enterprise data storage, so that there is a single point of access. Most companies choose to do this by creating an on-premises private cloud, or by utilizing a public cloud with enterprise-grade security measures, such as Microsoft Azure. You can then empower secure file sharing via CloudFAST. You can learn how this works when you download the Talon CloudFAST data sheet.