For the past 12 years, the Harkonnen Operation has plagued Europe. The malware campaign, operating scams in Germany, Switzerland, and Austria since 2002, has finally ended, but that doesn’t change the fact that it may be the most long-lived malware to have existed. What kept security firms from discovering these attacks and preventing them for so long?
The Harkonnen Operation was an incredibly well-organized attack directed at major corporations and government networks. The attackers set up over 800 fake companies and used them to install malware on targeted servers and networks. All of the companies were tied to a single IP address, and used a combination of legitimate mailing addresses and DNS server registrations to appear genuine. The operation was brought down by an Israeli security firm called CyberTinel.
According to CEO Koby Ben-Naim, the attacks were so convincing that nobody ever bothered looking into them. They were only discovered because an unnamed German company noticed that its server’s traffic was inconsistent. That is when CyberTinel found the source of the problem: a command and control server located in Germany, which was spreading malware through spear-phishing messages. The hackers, who appeared legitimate thanks to digital signatures on their software, were able to infiltrate particularly secure servers and make off with all sorts of information.
The targeted documents seemed to be very specific, and the attacks were effectively premeditated, meaning that the attackers knew exactly what they were looking for when stealing information from a server. They did their homework, and generally targeted only the information they desired, which just so happened to be pretty dangerous documents. In fact, according to Ben-Naim, “We’re talking about things like studies of biological warfare and nuclear physics, infrastructure security plans, [and] corporate financial documents.” Scary stuff, huh? The only reason they were caught is because they spent too much time on one target, which allowed CyberTinel to track their activity.
These attacks are a prime example of what hackers can get their hands on if we aren’t adequately protected and don’t pay close enough attention to what is going on behind the scenes. The attacks were only noticed because of the initiative taken by CyberTinel’s anonymous informant, which allowed the security firm to focus its attention on the suspicious activity. By making sure that your business prioritizes security, you too can avoid dangerous scenarios such as this.
One way to make security your top priority is with a Unified Threat Management solution from SemTech IT Solutions. A UTM is an enterprise-level security measure which includes a firewall, antivirus and anti-malware solutions, spam filtering, and web content monitoring. You’ll know what information is flowing both in and out of your network. Additionally, SemTech IT Solutions can monitor your network and systems for any suspicious activity. You’ll be the first to know, and we can pursue the problem if you think it could become an issue.
For more information about our Unified Threat Management device and other IT services, give us a call at 407-830-1434.