Modern spying is often misunderstood. ‘Boots on the ground’ approaches still have their uses, but the days of fast cars, martinis (shaken, not stirred) and watches that both tell the time and cut through steel are all but over. In their place, the almost-as-glamorous glow of a computer screen, late nights and coffee after coffee after coffee is the modus operandi of the world of espionage.
Pawn Storm, as it is known in the computer security industry, is one of the largest campaigns of cyber-espionage ever to be tracked and recorded. It is notable for several game-changing technical factors, for targeting several high-profile figures, and for being involved in many political happenings around the world. First discovered in 2014, the group successfully attacked Polish government websites. Later that year, a US nuclear fuel dealer was targeted, alongside several military institutions in the US and Europe.
The group, now believed to have links with the Russian government, targets several organisations: US government and media outlets, NATO members, the Ukrainian military, governments around Europe, the Middle East and Asia, as well as Russian political opponents and media. Attacking these groups often involves one of three tactics: spear-phishing (where a specific person is targeted with a fake email), credential phishing (where fake login pages are used to capture a person’s login details), and zero-day vulnerabilities (where a security flaw has been found yet no patch has been made available). Finally, in February 2015, the group was found to have been successful in creating malicious iOS applications.
One particular point to note: the group was seen to target the International Investigation Team that was investigating the circumstances of the MH17 flight after it appeared to have been shot down by a missile.
So why has Operation Pawn Storm suddenly arrived back in the news, almost a year since the last major event that it was involved with? Simply put, a new target has been added to the list. Research has shown that the Turkish Prime Minister, the Turkish parliament and the largest media outlets in Turkey have all been targeted. Security firm Trend Micro believes this turn of events is in response to deteriorating diplomacy between Russia and Turkey following the Turkish Air Force shooting down a Russian fighter jet close to the Syrian border, as well as Turkey being used as an entry point for Syrian refugees.
As far as we know, the cyber-espionage has been stopped in its tracks, but who knows what the attackers may have gleaned? Welcome to the new world of espionage.