“We discovered the scope and damage of these operations during investigations of what we thought were separate cases,” said Stuart McClure, CEO of Cylance.
Using custom and publicly available tools and methods that include SQL injection, spear phishing, water holing attacks and hacking directly through public websites, the attackers have extracted highly sensitive and confidential materials and established a persistent presence on compromised networks, to the point that they control the networks of victims in 16 countries.
The targets belong to five groups:
Oil and Gas/Energy/Chemical – Targets discovered include a company specializing in natural gas production, electric utilities organizations, as well as a variety of oil and gas providers. This group was a particular focus of the hackers.
Government/Defense – Targets discovered include a large defense contractor and a major U.S. military installation. Cylance can confirm one of those targets was San Diego's Navy Marine Corps Intranet, where unclassified computers were hacked.
Airports/Transportation – Targets discovered include airports, airlines, automobile manufacturers, as well as transportation networks. The most concerning evidence collected was the targeting and compromise of transportation networks and systems such as airlines and airports in South Korea, Saudi Arabia and Pakistan.
Telecommunications/Technology – Targets discovered include telecom and technology companies in several countries.
Education/Healthcare – Targets discovered include multiple colleges and universities, often with an emphasis on medical schools. Large amounts of data on foreign students have been taken, including images of passports and social security cards.
See the whole article from Help Net Security by clicking here.