A sign marks the entrance to RSA's facility in Bedford, Massachusetts, in this file photo.

Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defending against hackers that researchers believe are linked to the Chinese government - a charge Beijing denies.

“The Shell Crew is an extremely efficient and talented group,” Myers said in an interview.

Shell Crew, or Deep Panda, are one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents.

The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.

China has denied any connection with such attacks and little is known about the identities of those involved in them. But cybersecurity experts are starting to learn more about their methods.

Researchers have connected the OPM breach to an earlier attack on U.S. healthcare insurer Anthem Inc ANTM.N, which has been blamed on Deep Panda.

RSA’s Myers says his team has no evidence that Shell Crew were behind the OPM attack, but believes Shell Crew and Deep Panda are the same group.

And they are no newcomers to cyber-espionage. CrowdStrike, the cybersecurity company which gave Deep Panda its name due to its perceived Chinese links, traces its activities to 2011, when it launched attacks on defense, energy and chemical industries in the United States and Japan.

A U.S. firm that designs and makes technology products called in RSA, a division of technology company EMC EMC.N, to fix an unrelated problem. RSA realized there was a much bigger one at hand: hackers were inside the company's network, stealing sensitive data.

“In fact,” Myers recalls telling the company, “you have a problem right now.”

Myers’ team could see hackers had been there for more than six months. But the attack went back further than that.

For months Shell Crew had probed the company’s defenses, using exploit code for known weaknesses in computer systems to try to unlock a door on its servers.

Once Shell Crew found a way in, however, they moved quickly, aware this was the point when they were most likely to be spotted.

On July 10, 2013, they set up a fake user account at an engineering portal. A malware package was uploaded to a site, and then, 40 minutes later, the fake account sent emails to company employees, designed to fool one into clicking on a link which in turn would download the malware and open the door.

“It was very well timed, very well laid out,” recalls Myers.

Once an employee fell for the email, the Shell Crew were in, and within hours were wandering the company’s network.

Two days later the company, aware employees had fallen for the emails - known as spearphish - reset their passwords. But it was too late: the Shell Crew had already shipped in software to create backdoors and other ways in and out of the system.

For the next 50 days the group moved freely, mapping the network and sending their findings back to base. This, Myers said, was because the hackers would be working in tandem with someone else, someone who knew what to steal.

“They take out these huge lists of what is there and hand it over to another unit, someone who knows about this, what is important,” he said.
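The sequence above, a spearphish click followed two days later by a password reset that did not evict the intruders, is a failure mode worth checking for directly. The script below is an added example, not code from the article, from RSA or from any investigation it describes. It replays a constructed proxy and authentication log (the line format, host names and domains are all assumed for illustration) and reports any external destination that a host first contacted only after the phishing email arrived and was still contacting after that user's password was reset. Such a destination is a candidate backdoor: it keeps calling out regardless of the credentials, which is exactly why rotating passwords alone was too late.

```python
"""Did the credential reset actually evict the intruder?

Added example (not the article's or RSA's own tooling). Input is a constructed
log with one event per line:  <ISO timestamp> <host> <user> <event> <detail>
where event is "proxy" (detail = destination host) or "password_reset".
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample log. ws-044's user clicks the phishing link on July 10,
# the host starts beaconing to cdn-sync.example.org every 12 hours, passwords
# are reset on July 12, and the beaconing carries on regardless.
SAMPLE_LOG = """\
2013-07-01T09:12:00 ws-044 jdoe proxy mail.example.com
2013-07-03T14:03:00 ws-044 jdoe proxy updates.example.com
2013-07-10T10:41:00 ws-044 jdoe proxy portal-download.example.net
2013-07-10T10:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-10T22:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-11T10:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-11T22:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-12T09:00:00 ws-044 jdoe password_reset -
2013-07-12T10:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-12T22:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-13T10:42:30 ws-044 jdoe proxy cdn-sync.example.org
2013-07-13T11:00:00 ws-044 jdoe proxy mail.example.com
2013-07-12T09:05:00 ws-071 asmith password_reset -
2013-07-13T08:00:00 ws-071 asmith proxy mail.example.com
"""

# Assumed: the mail gateway tells us when the spearphish was delivered.
PHISH_TIME = datetime.fromisoformat("2013-07-10T10:41:00")


def parse_log(text):
    """Parse the constructed log format into (ts, host, user, event, detail)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, event, detail = line.split()
        events.append((datetime.fromisoformat(ts), host, user, event, detail))
    return sorted(events)


def persistence_after_reset(text, phish_time, new_dest_window=timedelta(hours=24)):
    """Report destinations first seen shortly after the phish that a host is
    still contacting after its user's password reset."""
    contacts = defaultdict(list)   # (host, dest) -> [timestamps]
    first_seen = {}                # (host, dest) -> earliest contact
    resets = {}                    # host -> first reset at/after the phish
    users = {}                     # host -> user seen on the proxy
    for ts, host, user, event, detail in parse_log(text):
        if event == "proxy":
            key = (host, detail)
            contacts[key].append(ts)
            first_seen.setdefault(key, ts)
            users[host] = user
        elif event == "password_reset" and ts >= phish_time:
            resets.setdefault(host, ts)

    findings = []
    for (host, dest), times in contacts.items():
        fs = first_seen[(host, dest)]
        # Destinations already in use before the phish are baseline, not new
        # infrastructure; destinations appearing much later are out of scope.
        if fs < phish_time or fs - phish_time > new_dest_window:
            continue
        reset_at = resets.get(host)
        if reset_at is None:
            continue  # no reset happened, so nothing to evaluate
        after = [t for t in times if t > reset_at]
        if not after:
            continue  # e.g. the one-off malware download itself
        gaps = [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]
        findings.append({
            "host": host,
            "user": users[host],
            "dest": dest,
            "first_seen": fs.isoformat(),
            "contacts_after_reset": len(after),
            "median_interval_hours": round(median(gaps), 2) if gaps else None,
        })
    return findings


if __name__ == "__main__":
    for f in persistence_after_reset(SAMPLE_LOG, PHISH_TIME):
        print(f"{f['host']} ({f['user']}) still contacting {f['dest']}: "
              f"{f['contacts_after_reset']} times after reset, "
              f"median interval {f['median_interval_hours']}h")
```

The one-off download site is deliberately not reported: it was new, but it went quiet, so it says nothing about whether the reset worked. A regular interval on the surviving destination is the extra signal that separates a beaconing implant from a user who simply discovered a new website that week.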