Mobile spy program targets oil industry

A cyber-espionage campaign thought to be the next step in the Red October operation appears to be targeting, among others, oil industry users of Android, iOS and BlackBerry mobile devices through spear-phishing attacks.

01/15/2015


A cyber-espionage campaign is targeting, among others, oil industry users of Android, iOS and BlackBerry mobile devices through spear-phishing attacks. The campaign uses a complex infrastructure relying on "a convoluted network of router proxies and rented hosts, most likely compromised because of poor configurations or default credentials," to deliver targeted malicious emails, said researchers at security and network solutions provider Blue Coat.

Because of this, they named the campaign "The inception framework," a reference to Christopher Nolan's 2010 movie Inception starring Leonardo DiCaprio.

Another security firm analyzed the malware used in this operation who called the malware Cloud Atlas and identified plenty of similarities to the toolset used in the Red October campaign, said researchers at Kaspersky Lab.

"The interests of Cloud Atlas attackers match those of Red October, taking into account the geopolitical changes from the last 2 years," said Costin Raiu, director of global research and analysis team (GReAT) at Kaspersky Lab.

In an extensive report on Inception/Cloud Atlas, Blue Coat revealed the bad guys planned attacks on mobile devices of high-profile targets in different sectors, from finance and oil industry to military, engineering and politics, in different parts of the world.

The researchers found the attackers were able to use the Bit.ly URL shortening service to create links pointing to machines serving malicious payloads for the mobile devices.

From one account alone, about 10,000 such links ended up created, all leading to only three IP addresses, with a pattern that included a target identifier and an action code for serving malware guised as an app update (WhatsApp or Viber) or MMS phishing. In the case of phishing, the action code also identified the mobile carrier for the device in order to deliver the appropriate telecom company logo.

Blue Coat said they were not able to get all the data on the targeted mobile operators because the attackers took the servers offline.

"We managed to get 66 of a total of 190," which accounts for 35%, after going through 3152 of 4781 phishing links, the report said. According to the intelligence they collected, it appears that the top three operators were Vodafone, T-Mobile, and Proximus (Belgacom).

After analyzing the malicious updates, Blue Coat found the main feature of the Android version of the malware was to record phone calls, but it could also track location, read contact list, monitor incoming/outgoing calls or text messages.

The attackers used LiveJournal accounts to store the information and communication with the compromised device.

On iOS, researchers found the fake update impersonated a Cydia installer, which could be add on to jail broken devices.

The data would end up exfiltrated to an FTP account on a hosting service in the UK, and included device and system information, address book, phone number, name of the carrier, Wi-Fi status, MAC address, battery level, total and free space, time zone (default and local), Apple ID, list of downloaded apps, and computer used for creating a backup.

On the BlackBerry platform, a similar set of details as in the case of iOS ended up retrieved and delivered to a DynDNS domain in a U.S.-based webhosting service.

Important to note is the command and control servers are different for each platform. In the case of desktop computers, the attackers relied on Swedish cloud storage service Cloud Me to store the stolen data and to deliver new modules to the compromised system.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource. Edited by Joy Chang, Digital Project Manager, CFE Media, jchang@cfemedia.com 



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me