A Cyber-spy group is reported to have attempted to hack the Dutch Safety Board officials’ computers tasked with the MH17 air crash investigation.
Pawn Storm, a Russian spy group believed to have close connections with the Russian government reportedly targeted the Dutch agency before and after the safety board published their detailed report on the MH17 incident on October 13, 2015, Trend Micro reported on its website October 22.
“Pawn Storm has a long history of targeting government agencies and private organizations to steal sensitive information. Our most recent findings show that they targeted the international investigation team of the MH17 plane crash from different sides,” the company said.
Trend Micro believes that a fake server mimicking an SFTP server of the Dutch agency was set up on September 28, 2015, later a fake VPN server of the same organization was set up on October 14, 2015. These were used for credential phishing attacks against the personnel of the safety board to get unauthorized access to both the SFTP and the VPN server.
The Trendlabs Security blog said this was the first time that they have seen direct evidence of an APT group attempting to get unauthorized access to a VPN server.
“The VPN server of the Safety Board looks to use temporary tokens for authentication. However, these tokens can be phished in a straightforward way and tokens alone do not protect against one-time unauthorized access by third parties, once the target falls for the phishing attack,” the website said.
The attacks weren’t limited to the Dutch Safety Board.
On September 29 2015, a fake Outlook Web Access (OWA) server was set up to target an important partner of the Dutch Safety Board in the MH17 investigation. We were able to warn the affected party in a very early stage, thus probably preventing the attack to succeed.
These discoveries show that it is very likely that Pawn Storm coordinated attacks against different organizations to get sensitive information on the MH17 plane crash.
In a press release, Trend Micro said it notified the safety board before any information was accessed.
Speaking to AFP, a spokeswoman for the Dutch Safety Board said the cyber incidents had been uncovered, but did not provide details on who they thought the perpetrators were. She also said there was "no evidence" the efforts had succeeded.
In the past, the group is believed to have carried out attacks against the White House, NATO, and Syrian opposition. Trend Micro reported that Pawn Storm is boosting its attack efforts targeting the Syrian groups, along with other countries in the region that have spoken out against Russia.
The MH17 flight was brought down with a high degree of accuracy last July 17 killing 298 passengers onboard. The results of the investigation was released in October this year.
The official report concluded that Malaysia Airlines flight MH17 was shot down by a Russian-made BUK missile fired from rebel-held eastern Ukraine.
The report rejected Moscow's contention that the plane was hit by a missile fired by Ukrainian troops as it flew at some 33,000 feet above the territory.
The report said, "The investigation was not concerned with question of blame or liability.
Russia has denied using Buk missile in the Malaysian MH17 flight crash that happened last summer and says that it was done by the missile in possession of Ukrainian troops within three-four kilometres area. The official report however have concluded that Malaysia Airlines flight MH17 was shot down by a Russian-made BUK missile fired from rebel-held eastern Ukraine
US relied on social media for ‘forensic evidence against Russian backed rebels for the shooting down of the Malaysian Airlines Flight MH 17. State Department Spokesperson Marie Harf disclosed that “evidence” was a You Tube video showing a conversation between a separatist leader and a Russian military commander where the former accepts responsibility for shooting down the airliner
The Dutch military has received an actual Buk anti-aircraft missile system from Georgia to use in its investigation of the Malaysian Airlines Flight MH17 downing in July 2014. According to a report by Dutch television news service
The investigating team of MH17 airliner crash has found a component belonging to the Russian-made Buk missile at the crash site in eastern Ukraine. The Joint Investigation Team (JIT) published an image which shows a "Venturi", which emits propellant gases, like a car exhaust
China Shipbuilding Company Executive Being probed for Graft
Saab to Provide Additional Functionality for UAE’s GlobalEye Airborne Warning System
Oshkosh Wins $159 Million to Supply 771 Medium Tactical Vehicles to US
India Plans Defence Equipment Factories in Vietnam
BEL in Race to Develop Infrared Tracking System For Sukhoi Su-30 MKI...
Draken Wins USAF $280 Million ADAIR Services Contract
Pakistan Signs Deal to Procure 30 T129 ATAK Helicopters from Turkey
BAE Systems Wins $348 Million to Produce 473 Bradley Armored Vehicles
Indias plans of integrating the MBDAs meteor missile on its LCA Tejas and Su-30MKI aircraft may not happen due to...
The most-read stories on the defenseworld
One of the most interesting exhibits at the Dubai Air show 2017 occupies a corner in the Aviation Industries Corporation...
The rising demand for low-cost, combat-capable aircraft that is able to perform a range of missions in an unchallenged environment,...
Amid the proliferation of real-time data from sources such as mobile devices, web, social media, sensors, log files and transactional...
Military activity in various hotspots of the world has increased the demand for ballistic protection that includes headgear, bulletproof vests,...