Cyberattacks also happen on a global scale, with hackers breaching government organizations, police stations, and corporations. The attacks and exploits used to breach these systems are tools and techniques that hackers have known and used for some time, and they are now being turned against millions of machines in multiple countries.
Researchers at Kaspersky Lab had earlier predicted the hack could bring down Europe’s power grid. “We hope that whoever is behind this is looking at German power lines and the UK’s National Grid,” said Richard Clayton, a senior Kaspersky researcher.
Kaspersky called the cyberattack a “classic Operation Olympic Games” in an email to Threatpost on Tuesday.
Over the course of several years, Kaspersky Lab’s analysis of some of the tools and techniques used by the attackers has led the company to conclude that this was not an isolated incident, and that it is linked to other recent large-scale attacks. “The attackers, at least according to our analysis, are actually a team of individuals who may be on the government’s payroll.”
Kaspersky claims the command-and-control servers associated with the breach are based in Russia, Ukraine, and Georgia. The intruders have already breached the German government’s digital arm and destroyed some data, the company claims.
Among the information the firm says the hackers have taken, it counts the following:
This week’s intrusion included a “last-logon” string containing a username and password for the National Health Service, indicating the attackers had likely obtained private patient data.
The hackers have erased master files belonging to the European Union and are reportedly holding a range of personal data: names, dates of birth, addresses, social security numbers, medical insurance numbers, and the addresses of relatives.
In addition to the sensitive personal data, Kaspersky says it holds more than 70 gigabytes of data that it has decrypted, including documents sent to and from the National Health Service.
It is also likely that the attackers are using other stolen credentials as part of their attack on the power grid, since the same host IP addresses seen across a series of large cyberattacks and breaches were used both in the NSA-sanctioned Stuxnet operation and in the previous attack on Kaspersky Lab. The attackers may also be reusing legitimate tools from previously compromised platforms, such as backdoors from the NSA’s Hydra malware.
The company is also keeping tabs on the servers at the Georgian government site. According to Kaspersky, the administrative privileges on one of the servers were changed so that only a few pieces of data could be read, while the other server received a large volume of data that Kaspersky says has yet to be analyzed. It is possible the attackers are using Kaspersky’s own file-based access control system to confine their access to the servers holding data they do not want anyone else to reach.
The company is continuing to investigate the attack and how it is tied to the data thefts at HBO, NBC, Disney, and other big-name media companies. The researchers believe the ransomware designed to encrypt data is associated with this attack.