SafeUM
TOP Security!
14 Apr 2017

Hackers re-purposed dumped government surveillance tools to hack government targets

Why bother coding when you can just copy and paste? Whether it's the CIA or, likely, Russian hackers, stealing malware from other people happens more than you might think.

Now, there is another notable example of attackers re-purposing hacking tools made by someone else for their own gains. A hacking unit dubbed the Callisto Group allegedly used malware stolen from Italian surveillance company Hacking Team and subsequently dumped online, according to a report from cybersecurity firm F-Secure.

The evidence points "towards this being a group that grabbed the leaked tools, because it was the easiest way," Sean Sullivan, security advisor at F-Secure, said. According to the report, the Callisto Group is particularly interested in gathering intelligence on European foreign and security policy. Since at least late 2015, the group has targeted European military personnel with phishing emails, and government officials, think tanks, and journalists with malicious attachments.

Although the hacking attempts with malware don't seem to have actually been successful, where that malware ultimately came from is interesting. "In all known malicious attachments, the final payload was a variant of the 'Scout' tool from the Hacking Team Remote Control System (RCS) Galileo hacking platform," the report reads.

Hacking Team is an Italian surveillance company that sells malware exclusively to law enforcement and intelligence agencies. Its "Scout" tool is usually the first step in an attack, designed to gain access to the target machine, gather basic system information, and likely download additional malware modules. In 2015, a hacker targeted the company and released a treasure trove of internal Hacking Team files online, including source code for the firm's malware and a number of files that would install it.

F-Secure believes the Callisto Group used the latter to set up a version of RCS for its own hacking campaign. As the company points out, there are plenty of tutorials online for how to get an instance of RCS up and running with the software and code available. (Experts also found a step-by-step guide on a popular Russian cybercrime forum.)

"RCS has an embedded 'customer ID', and the customer ID from the Callisto samples matches the 'Hacking Team field engineer demo' ID, which matches the ID that you'll get if you use the leaked builders," Sullivan said. And while the Callisto Group was using RCS, other actors were already deploying more recent, and presumably purchased, versions of the software.
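The attribution step Sullivan describes, an embedded customer ID that ties samples back to the leaked builders, is the kind of check an analyst can automate once the field's location is known. The following Python is an added example, not code from the article, from F-Secure or from Hacking Team: the `CUSTOMER_ID=` marker format, the ID values and the byte strings it scans are all constructed for illustration, and real RCS binaries are not claimed to look like this.

```python
"""Added example: cluster samples by an embedded customer ID and flag
IDs known to come from leaked builders. All formats and values are
constructed placeholders, not real RCS artefacts."""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# ASSUMPTION: the builder embeds an ASCII field "CUSTOMER_ID=<8 hex digits>".
CUSTOMER_ID_RE = re.compile(rb"CUSTOMER_ID=([0-9A-Fa-f]{8})")

# PLACEHOLDER table: IDs an analyst has tied to the leaked builders.
# "DEADBEEF" stands in for the demo ID the article mentions; it is made up.
LEAKED_BUILDER_IDS: Dict[str, str] = {
    "DEADBEEF": "placeholder for the 'field engineer demo' ID from the leaked builders",
}


def extract_customer_id(sample: bytes) -> Optional[str]:
    """Return the embedded customer ID (upper-case hex) or None if absent."""
    match = CUSTOMER_ID_RE.search(sample)
    return match.group(1).decode("ascii").upper() if match else None


def classify(sample: bytes) -> Dict[str, Optional[str]]:
    """Classify one sample by its customer ID.

    Verdicts:
      - "leaked-builder": ID is in the known leaked-builder table
      - "unknown-id":     an ID is present but not tied to leaked builders
      - "no-id":          no marker found; the sample may not be RCS at all
    """
    cid = extract_customer_id(sample)
    if cid is None:
        return {"customer_id": None, "verdict": "no-id", "note": None}
    if cid in LEAKED_BUILDER_IDS:
        return {"customer_id": cid, "verdict": "leaked-builder",
                "note": LEAKED_BUILDER_IDS[cid]}
    return {"customer_id": cid, "verdict": "unknown-id",
            "note": "ID not in leaked-builder table; attribute separately"}


def cluster_by_customer_id(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Group sample names by customer ID. Samples sharing an ID were most
    likely produced by the same builder configuration, which is the
    property the article's attribution relies on."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for name, data in samples.items():
        cid = extract_customer_id(data) or "<none>"
        clusters[cid].append(name)
    return dict(clusters)


# Constructed sample bytes (not real malware; just marker strings in padding).
SAMPLES: Dict[str, bytes] = {
    "attachment_a.bin": b"MZ\x90\x00" + b"\x00" * 16 + b"CUSTOMER_ID=deadbeef\x00",
    "attachment_b.bin": b"MZ\x90\x00" + b"\x00" * 8 + b"CUSTOMER_ID=DEADBEEF\x00",
    "other_actor.bin": b"MZ\x90\x00" + b"CUSTOMER_ID=0BADF00D\x00",
    "unrelated.bin": b"MZ\x90\x00" + b"no marker here",
}


def report(samples: Dict[str, bytes]) -> Dict[str, str]:
    """Return {sample name: verdict} for a batch of samples."""
    return {name: classify(data)["verdict"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in report(SAMPLES).items():
        print(f"{name:20s} {verdict}")
    for cid, names in cluster_by_customer_id(SAMPLES).items():
        print(f"{cid}: {', '.join(names)}")
```

The clustering step is the useful part for a defender: even before any ID is tied to a leaked builder, samples that share one customer ID can be treated as one campaign, and an ID that matches the demo builder is a strong hint that the operator set up RCS from the dump rather than buying it.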

Naturally, this isn't the first time someone has pinched a piece of malware and used it themselves. In February, malware allegedly used by the Russian hacking group that targeted the US Democratic National Committee found its way online. According to a security researcher, a large part of that malware was copied and pasted from Hacking Team's Mac software. (F-Secure says the Callisto Group hasn't been identified before, so it's probably not the same hackers.)

The CIA allegedly borrows code from public malware samples so the agency doesn't have to build, say, a hard-drive wiping module or a keylogger from scratch. And even if attackers don't steal tools themselves, government and criminal hackers sometimes end up using some of the same specific exploits. On Wednesday, experts reported that someone had used a Microsoft Word exploit to deliver hacking tools sold exclusively to governments, while criminals had also recently deployed the same attack for spreading their own malware.

Who is actually behind the Callisto Group is less clear. F-Secure says the targets may suggest a nation state with an interest in Eastern Europe and the South Caucasus, but the company also found links between the group's infrastructure and websites selling controlled substances. That could imply the hackers are criminal rather than strictly governmental in nature.


Tags:
information leaks hackers surveillance
Source:
Motherboard