A huge data-stealing cyber espionage campaign that targeted Banks, Corporations and Governments in Germany, Switzerland, and Austria for 12 years, has finally come for probably the longest-lived online malware operation in history.
The campaign is dubbed as ‘Harkonnen Operation’ and involved more than 800 registered front companies in the UK — all using the same IP address – that helped intruder installs malware on victims’ servers and network equipments from different organizations, mainly banks, large corporations and government agencies in Germany, Switzerland and Austria.
In total, the cyber criminals made approximately 300 corporations and organisations victims of this well-organised and executed cyber-espionage campaign. CyberTinel, an Israel-based developer of a signature-less endpoint security platform, uncovered this international cyber-espionage campaign hitting Government institutions, Research Laboratories and critical infrastructure facilities throughout the DACH (Germany, Austria, Switzerland) region.
“The network exploited the UK’s relatively tolerant requirements for purchasing SSL security certificates, and established British front companies so they could emulate legitimate web services,” said Jonathan Gad, chief executive of distributor Elite Cyber Solutions, Cybertinel’s UK partner.
The Harkonnen Operation attack was detailed in a special report [pdf] titled, “HARKONNEN OPERATION CYBER-ESPIONAGE,” in which the researchers analysed and discovered companies that were compromised by seemingly generic trojans foisted through spear-phishing attacks.
It is still unclear that who or what is behind the hack, but researchers believe that the malware campaign seems to be more like an organised crime operation than something a government intelligence agencies would do.
The scammers invested over $150,000 — a kingly sum for hackers — on hundreds of domain names, IP addresses and wildcard certificates to make its UK businesses appear legitimate. and in keeping the operation going.