Pawn Storm behind cyber-attacks on organisations conducting Winter Olympics

Prominent hacker group Pawn Storm could target the upcoming Winter Olympics as well as several significant global elections in 2018, warn researchers at security firm Trend Micro.

Even though attacks conducted by Pawn Storm don't reveal much technical innovation, the group makes up for it with well-planned and persistent attacks that rely on social engineering tricks, malware and exploits.

Last year, in an eye-opening report, researchers at Trend Micro revealed how Pawn Storm launched a sustained attack on French presidential candidate Emmanuel Macron's campaign team. The firm said that the hackers created phishing domains to steal passwords of candidates or to install viruses on computers. At the same time, the group attempted to influence public opinion and elections, and sought contact with mainstream media with some success.

A new report released by the firm makes it clear that Pawn Storm's attack on Macron wasn't a unique one. The group has, over the years but especially since 2015, launched similar attacks on armed forces, the defence industry, news media, and politicians to achieve its geopolitical aims.

Its scale of operations puts Pawn Storm on par with other groups like Fancy Bears, and the researchers noted that although the group's attacks didn't show much technical innovation over time, it made up for it by conducting 'well prepared, persistent, and often hard to defend against' cyber-attacks using social engineering tricks, malware and exploits.

'Pawn Storm’s modus operandi is quite consistent over the years, with some of their technical tricks being used repeatedly. For example, tabnabbing was used against Yahoo! users in August and September 2017 in US politically themed email. The method, which we first discussed in 2014, involves changing a browser tab to point to a phishing site after distracting the target,' they said.

The group has also conducted a large number of attacks that begin by stealing victims' credentials through phishing e-mails. Their latest credential-phishing tactics were observed as late as November 2017, when a Dutch NGO was targeted twice using such e-mails. Two common phishing e-mails used by the group are one that asks users to change account passwords, thereby making them click on malicious links, and another that notifies employees about a new file on the company’s OneDrive system.

The researchers added that in the second half of 2017, Pawn Storm upped its game and started attacking major organisations such as the European Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, the International Bobsleigh and Skeleton Federation and the International Luge Federation. Considering that these organisations had banned several Russian athletes from participating in the upcoming Winter Olympics, the group's nationality is now clear to one and all.

Around the same time, Pawn Storm also targeted the presidential elections in Iran by setting up a phishing site targeting webmail users and stealing their credentials, just as the group did prior to and during elections in France, Germany, Montenegro, Turkey, Ukraine, and the United States.

Considering what Pawn Storm can do and how well-equipped it is to launch new cyber offensives on political, military and civilian targets, the researchers believe that they still stand a fair chance of anticipating and disrupting such attacks as the group's methods haven't really changed in the last four years.

However, considering how easily existing hacker groups have been able to influence opinions on social media prior to elections and propagate fake news at an alarming scale, a number of new groups could also shift their focus and start conducting social media campaigns to meet political ends.

'In 2016, we published a report on C Major, an espionage group that primarily targets the Indian military. By digging deeper into C Major’s activities, we found that this actor group not only attacks the Indian military, but also has dedicated botnets to compromised targets in Iranian universities, Afghanistan, and Pakistan.

'Recently, we have witnessed C Major also showing some interest in compromising military and diplomatic targets in the West. It is only a matter of time before actors like C Major begin attempting to influence public opinion in foreign countries, as well,' they said.