Mystery 'TeamSpy' Hackers Target European Governments
CREDIT: Shutterstock: Koya979
Hacking is a prime way for unsavory individuals to steal personal or financial information from the everyman, but manipulating code can also have a much more sinister purpose. The Hungarian CrySyS Lab got an acute reminder of this when it discovered a long-running attack on its government's national security.
In addition to potentially successful attempts to steal information from the Hungarian government, these hackers infected a number of official sites with malware. CrySyS tracked the first infections back to 2010, meaning that a number of sensitive secrets from the last three years could potentially be compromised.
"During our investigation of the incident, we discovered … a large number of malware samples that have been used in multiple [attack] campaigns in the last couple of years," writes CrySyS in a report. "We estimate the number of distinct campaigns to be in the order of tens."
Even though the incidents appear to be separate, CrySyS has pinpointed a number of factors laying at least some of the blame at the feet of TeamSpy, a ubiquitous group of hackers, likely of former Soviet bloc origin. Some traces linked the attacks to the Ministry of Foreign Affairs in Uzbekistan, while files used in the attacks contained Russian words for "secret" and "password." The hackers also stole information related to the NATO and EU Russian embassies, as well as Russian industrial manufacturers.
TeamSpy gets its name from the legitimate "TeamViewer" software, which allows users to remotely control another PC or Mac. This is obviously useful for remote office or tech support applications, but when misused, it presents an easy opportunity to hijack unsuspecting systems. CrySyS believes that this group has been continuously active for at least 10 years, which is unusually long for a hacker consortium. [See also: 5 Looming Threats That Keep Security Experts Up at Night ]
While the attacks in Hungary set off the investigation, TeamSpy's activities have by no means been limited to one country. CrySyS found evidence of infiltrating other high-profile targets in Iran, as well as more infrequent penetrations into the United States, Canada, Scandinavia, Great Britain, India
, and even as distant as the Democratic Republic of Congo.
CrySyS determined that most of the information that TeamSpy stole is of a nature too sensitive to reveal. However, it is likely now in possession of facts about at least one high-ranking member of the Hungarian government, as well as Hungary's relationships with Russia, France, Belgium and the Middle East.
The ramifications of this hack will likely remain behind closed doors, and unless it wants to run up against one of the top security labs in Europe, TeamSpy is probably done with Hungary for the time being. The presumably Russian group is unlikely to disband anytime soon, though, so whatever its goals are, chances are Hungary will not be the last country targeted.