LONDON (AP) The group thought to be behind a 2011 cyberattack on Japan's parliament is also responsible for a string of electronic break-ins at Asian defense companies, security company Kaspersky said in a report Thursday.
The Moscow-based antivirus vendor said the hackers, who hit personal computers used by Japaneselawmakers in a widely publicized attack two years ago, also stole commercial blueprints, design material, and budget documents from a string of South Korean and Japanese military contractors in the months that followed.
"They are targeting the supply chain for the bigger defense contractors," researcher Costin Raiu said in a telephone interview.
He said the speed of the break-ins the quickest of which ended less than an hour after the hackers began scanning their victims' computers and the highly selective nature of the files they stole suggested they were guns for hire.
"Our opinion is that they do it on contract," Raiu said. "They don't do it in a mass market style, selling information by the gigabyte."
Kaspersky said it was able to get an insight into the hackers by taking over some of their servers and decoding their log files, which basically serve as a running tally of which files are being stolen from whom. Kaspersky named a series of Japanese and South Korean firms as being among the group's targets, but it did not specify whether they actually had data stolen.
Kaspersky gave the group the name "Icefog," after a line of code found on one of the group's servers. As for who's behind Icefog, some mystery remains. Raiu said the attackers used Chinese characters and, in one case, appear to have inadvertently left their names in the code of one of the component pieces of their software.
But he said the group appeared to fluent in Korean and Japanese and said forensic data gathered by Kaspersky pointed to a cross-border outfit operating out of China, South Korea, and Japan. If true, it would be an interesting wrinkle given that the three countries are often thought of as commercial rivals.
