Hackers target US intelligence agency contractors

Thu Jul 21, 2011 7:31pm EDT

* Malware-tainted email used by hackers to invade network

* Target was high-level official with contractor

* Other contractors likely targeted over past 10 days

* Spear phishing campaign sent false emails from IARPA

By Jim Finkle

BOSTON, July 21 (Reuters) - Hackers, likely working for foreign governments, are actively trying to steal classified U.S. government data by breaking into the computer networks of contractors that work for U.S. intelligence agencies.

Through a targeted "spear phishing" campaign, hackers are sending emails tainted with malicious software to contractors, according to two security firms, which heard about the attacks after an executive at one contractor sent them a copy of the email.

Researchers at the security firms would not identify the contractor on Thursday. Recent targets of cyber attacks have included defense contractor Lockheed Martin Corp (LMT.N) and three publicly funded research laboratories.

In spear phishing attacks, hackers target a small number of victims with emails containing detailed information related to their lives in an effort to persuade them to let their guard down and click on infected links.

The researchers said these malicious emails falsely claimed to be from the U.S. government's Intelligence Advanced Research Projects Activity, or IARPA.

So far, the researchers have identified only one victim, but they said early analysis of the code contained in that email links it to malware submitted by other security experts over the past 10 days.

"It appears to be from a persistent adversary that is trying multiple attempts to get in," said Anup Ghosh, the chief executive of Invincea, one of two firms that analyzed the tainted email.

He said the hackers were likely backed by a "foreign actor," based on the fact that they were targeting a government contractor.

The malware was designed to be downloaded when the victim clicked on a link to a spreadsheet with the names and contact information of 163 high-level officials with contractors who had attended a recent "project day" conference at IARPA, according to Ghosh.

Officials with IARPA did not respond to a phone call seeking comment.

If the software was installed on a computer, it would have downloaded even more malicious code that would have enabled hackers to take remote control of the victim's PC, said Dean De Beer, chief technology officer for ThreatGRID, the second firm that investigated the attack.

Once the hackers gained control of the PC, they would have likely sought to access sensitive data across the computer network, impersonating the senior official who was targeted in the attack.

The malware was designed to secretly communicate with its hackers through a server located in South Korea, according to the two security firms.

They declined to identify the official who was targeted or name his firm, though they said he was a member of the Defense Science Board, a prestigious organization that advises the U.S. secretary of defense on technology issues.

While his PC was not infected by this particular email, it is likely the hackers will continue to try to break into that company's network by targeting other officials, Ghosh said. (Reporting by Jim Finkle; Editing by Gary Hill)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.