Threat Alert! New Group Adopts New Hacking Tools and Your Enterprise Data Storage is the Target

by Andrew Mullen on June 20, 2016

Move over, Anonymous, there's a new hacking group in town. A Russian group known by the moniker Pawn Storm, and sometimes also called Sofacy, is emerging as yet another cyber espionage group to be wary of. They are most notable for using zero-day and backdoor techniques to infiltrate defense contractors, but their activities aren't limited to those organizations. Though they may have been in operation in some capacity since as early as 2007, they only began to receive high-level attention in the past couple of years. According to researchers with Kaspersky Lab, the group's activities have increased tenfold over previous years. Their actions have been felt across governments, security and military agencies, and other interests, most of which would either directly or indirectly benefit Russia.

How Pawn Storm Does Their Thing

Pawns can be deceptively deadly. Is a Storm headed your way?

One of their most recent tactics involves targeting "air gaps". Air gaps are used by various enterprise data storage professionals to create a buffer between the dangers of the Internet and secure data stores. These data stores are deliberately left offline for security purposes, but it is common for workers to copy and store this data on USB drives. Pawn Storm has developed malicious software capable of detecting and stealing the information from these USB devices, thereby compromising data protected by such air gaps.

Pawn Storm is also notable for their use of other malware and, in particular, of high-level phishing emails designed to divert the user to a spoofed website (such as one that looks like the online version of Outlook) in order to steal their login credentials.
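As a defensive illustration of the spoofed login pages described above, the following added example (not from the original article or from any vendor it mentions) flags links in a message body whose hostname imitates an organization's real webmail host. The host names, the function names, and the two-edit threshold are assumptions chosen for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's real webmail hosts (placeholder names).
# List every host you own here, or near-miss siblings will be flagged.
LEGIT_HOSTS = {"mail.corp.example", "owa.corp.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, legit=LEGIT_HOSTS):
    """Return 'legit', 'lookalike' or 'other' for one hostname."""
    host = host.lower().rstrip(".")
    if host in legit:
        return "legit"
    for good in legit:
        # Real name glued onto another domain: mail.corp.example.<something>
        # or the dashed form mail-corp-example.<something>.
        if host.startswith(good + ".") or good.replace(".", "-") in host:
            return "lookalike"
        # One or two character edits away from the real name (c0rp for corp).
        if edit_distance(host, good) <= 2:
            return "lookalike"
    return "other"

def flag_links(body, legit=LEGIT_HOSTS):
    """Return the http(s) links in a message body that imitate a legit host."""
    return [url for url in URL_RE.findall(body)
            if classify_host(urlsplit(url).hostname or "", legit) == "lookalike"]

# Constructed sample message; every domain uses a reserved test TLD.
SAMPLE = """Your mailbox is almost full. Sign in to keep receiving mail:
https://mail.c0rp.example/owa/auth/logon.aspx
Mirror: http://mail.corp.example.account-verify.test/owa/
Real portal: https://mail.corp.example/owa/
Newsletter: https://news.vendor.example/latest
"""

if __name__ == "__main__":
    for link in flag_links(SAMPLE):
        print("suspicious:", link)
```

A check like this belongs in a mail gateway or proxy rule as a supplement to user training, since it only catches names that resemble the allowlisted hosts.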

According to cyber security specialists with Kaspersky Lab, Pawn Storm has been actively engaged in an ongoing attack against multiple defense contractors since last August. They have been utilizing a newly developed version of a backdoor application called AZZY, along with a brand new collection of data theft modules, which are used to conduct the air gap attacks on USB devices where the enterprise data storage is offline.

Pawn Storm, unfortunately, joins the ranks of other hacking groups using similar techniques, most notably Equation and Flame. Pawn Storm has also targeted multiple zero-day vulnerabilities, including those discovered in Office and Java. Cyber security experts warn that these are highly trained hackers with sophisticated tools and techniques, backed by considerable funding.

What Makes an Organization a Target?

Pawn Storm joins the ranks of cyber espionage and terrorist groups like Anonymous, Flame, and Equation.

For now, the group seems primarily politically motivated. Those with business, financial, or military interests that might be seen as opposed to the interests of Russia are most likely to be targeted by this particular group. For instance, any company working with groups or companies in Ukraine should be particularly cognizant of Pawn Storm's tactics and activities. Media personalities have also found themselves in the crosshairs of these cyber terrorists.

How You Can Keep Your Enterprise Data Storage Safe

If this sounds like your business or organization, what can you do?

• Improve user training on identifying phishing attacks.
• Improve user training on the concepts and techniques of credential phishing.
• Improve user awareness and understanding of malicious iFrames (in environments where Apple products are in use).

The best way to protect against the activities of Pawn Storm and other such hacking and cyber terrorist groups is to centralize enterprise data storage, so that there is a single point of access. Most companies choose to do this by creating an on-premises private cloud, or by utilizing a public cloud with enterprise-grade security measures, such as Microsoft Azure. You can then empower secure file sharing via FAST. You can learn how this works when you download the Talon CloudFAST data sheet.
