Submitted by Micah Smith on Mon, 01/15/2018 - 12:33
I Spy State - Sponsored Malware.

With heightened tensions and little trust between global superpowers, it's natural that state-sponsored cyber surveillance is on the rise and in the news.

Well, either that or international spies are getting worse at covering their tracks. Cyber espionage emanating from Eastern Europe and South Asia is providing fresh headlines and giving us pause for thought. How deep into the government IT rabbit hole have cyber spies actually been able to go?

Pretty far. ESET researchers recently uncovered Gazer, a malware operation targeting national bodies such as ministries, embassies and consulates worldwide. They have identified at least four different variants, mostly deployed across Europe.

The malware acts in two stages: first, it releases 'Skipper' through the backdoor, and then the 'Gazer' mechanisms are installed. Gazer then receives encrypted commands from a server and avoids exposure by using legitimate websites as a proxy.

The malware has been traced to Turla hacking activity, connected to Russian Intelligence and used against former Soviet bloc states to both monitor and disrupt everyday functions. This is a particularly sneaky malware because it can hide for extended periods of time, waiting for the right data to pop up, while it acts as the undercover 'fly on the wall' spy.

Meanwhile, in Asia, Symantec have found malware that targets all kinds of state-level devices. Cyber baddies have been supplying the spies with access to files, carrying out different actions, identifying locations and taking screenshots, amongst other clandestine plots, from inside various government agencies and on Android devices.

The Symantec report said that this malware was being continually updated to expand its potential snooping capabilities.

In response to common cyber-security attacks, India has established the Indian Computer Emergency Response Team (CERT-In) to help companies detect malware. In contrast, an unnamed source from within Pakistan’s Federal Investigation Agency denied having any malware issues on the Pakistani side of the street.

We suspect this to be somewhat untrue, as malware seems to be infecting the region from all angles.

Of course, everyone's eyes are currently fixated on another part of Asia, North Korea, although the cold and frightened stare we are giving them doesn’t seem to be hampering their hacking efforts.

In the news from Seoul, North Korea has been accused of hacking into the computers of financial institutions globally, particularly in South Korea.

Funnily enough, this is not to further their global political ambitions against the United States, but merely to pocket some cash to stave off their economic crisis.

Pyongyang, desperate for cash, has gone to the cyber dark side to stay afloat, despite the U.N. sanctions due to their nuclear weapons program… and we thought all the support was coming from China.

North Korea is argued to be behind Lazarus (the online bank robbers who pinched $81 billion from the Bangladesh central bank and attacked Sony's Hollywood studio in 2014). There are also some snippets of evidence that North Korea was behind 'WannaCry', although they vociferously deny it.

A spinoff from Lazarus, Andariel, has been attracting attention by hacking into machines, stealing bank details and selling them on the black market. The reports are still pointing to North Korea and cover various malware issues, including an attack on the personal PC of the South Korean Minister of Defense.

Shutting down the nuclear ambitions of North Korea may, in effect, have a solution through the back door. It could be time to get the techies to slip in and out of the pariah state giving us all this trouble. All in all, it's a great time to be a cyber spy.