Hackers Hit Three Large U.S. Firms, Smaller MSSPs Should Be On Alert

CRN, By Rob Westervelt

A loose-knit group of cyberattackers believed to have ties to the Chinese government has infiltrated several U.S. companies using Java-based malware and established a long- term presence.

The latest round of attacks could be a U.S.-specific operation, said researchers at security vendor Kaspersky Lab in a report released Tuesday. The malware, called Javafog, can remain stealthy, maintaining a presence on corporate systems, the Kaspersky researchers said. Until now, the latest attacks from the cybermercenary hacking operation known as Icefog have used hit-and-run-style tactics, abandoning infected systems once data is accessed.

"With Javafog, we are turning yet another page in the Icefog story by discovering another generation of backdoors used by the attackers," according to the report issued by Kaspersky. "We can assume that, based on their experience, the attackers found the Java backdoor to be more stealthy and harder to notice, making it more attractive for long-term operations." Read more.