A New Wave of Attacks Takes Place with Ancient ICEFOG APT Malware

This is a bit like bubonic plague going through a mutation and being carried by cats and dogs rather than black rats…:

[…] It seems that Shen had made one more concerning discovery regarding the ICEFOG malware. The new versions of the ICEFOG malware were not used in the attacks by hackers that could have been associated with the original ICEFOG group. It seems that they have been spotted in a large number of hacking campaigns that have been performed by many different groups of attackers.

Shen claimed that after analyzing the operations that took place between 2011 and 2013, she noticed that they were pretty consistent and suggested one group and an exclusive use of malware. However, the new versions of the ICEFOG malware have been spotted to be used by multiple groups after 2013.

In this context of discoveries, Shen has come to the conclusion that the new versions of the malware have been shared by the original ICEFOG group that used it in the hacking campaigns from 2013. Cybersecurity specialists already know that many Chinese APTs may have a shared supply chain. Yet, Shen claimed that it is impossible to determine how the ICEFOG samples have been shared, but it isn’t the first time for the specialists to see tools shared among the Chinese APTs. Shen added that one good example is the shared document template of other malware like SOGU, which is a tool often shared among hackers.

Shen made some extremely concerning reveals regarding the main targets of the ICEFOG malware, including an unnamed agriculture company from Europe in 2015 and the government, media, and finance organizations from Russia and Mongolia in 2015. Other targets were the governments of multiple Soviet states in 2015, Kazakh officials in 2016, an unknown entity in the Philippines in 2018, and multiple organizations in Turkey and Kazakhstan in 2018 and 2019.

ICEFOG malware was mainly used for cyber-espionage

Shen also added that her observation made her conclude that most ICEFOG malware samples were used for political espionage and intelligence gathering. Other hacking campaigns were targeting telecommunication, energy, media, transportation, and suspected financial sectors. However, Shen added that the previous cases were extremely rare compared with the ones targeting political espionage.

What is indeed intriguing is how come the attacks have not been detected and reported until Shen’s discovery. She explains that her theory is that because of its rare use, ICEFOG malware was not even taken into consideration by their targets. […]

Original article here