Skip to main content

Kaspersky fingers ‘Poseidon’ for attacks dating back to 2001

A pair of hands on a laptop keyboard with two displays.
Image used with permission by copyright holder
The first ever Portuguese-speaking targeted attack group responsible for a decade-long series of cyber attacks has just been revealed in a new report from Kaspersky Lab. The security firm is pointing toward an individual or group referred to as “Poseidon” as the source of this campaign, which has largely targeted corporate victims across a range of different industries.

It’s thought that Poseidon went relatively unnoticed during that period because its various attacks were not previously linked to one another. Security firms and enthusiasts alike spotted individual cases, but it wasn’t until last year that Kaspersky’s Global Research and Analysis Team — otherwise known as GReAT — managed to put the pieces together.

Poseidon targeted companies with spear-phishing emails containing attached RTF files (Rich Text Format) and Microsoft Word documents. These messages were typically directed toward human-resources workers, and contained malware that enabled the attacker to thoroughly explore the topography of the target network, according to a report from PC World.

From there, Poseidon would steal intellectual property and trade secrets, which could then be used to blackmail the target. Organizations have been coerced into taking on the services of the Poseidon Group as a security firm, who would supposedly help fix the problems they were experiencing — of course, malware was often left behind for future usage.

Kaspersky reports that Poseidon made attacks on government institutions, banks, telecommunications firms, and media groups, among others. Its activities have been traced back to at least 2005, but the oldest sample found suggests that the scheme was in the works as early as 2001.

Poseidon survived this long by making regular changes to the way it perpetrated attacks, something that will be more difficult now that Kaspersky has a handle on its methods. As part of the company’s research into the group, the security researchers contacted affected organizations with information on how to defend themselves going forward.

Editors' Recommendations

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Garmin services slowly coming back to life after reported ransomware attack
garmin forerunner 935 smartwatch amazon deal

Update: In a Monday afternoon statement, the company confirmed that a cyberattack had impacted Garmin's services, leading to an outage that impacted fitness devices, GPS gadgets, pilots, and the myriad other services the tech brand has touched in its long history. 

This time it's the IT department that's getting the workout.

Read more
Mars 2020 mission launch date has been pushed back again
Perseverance Rover

NASA has announced another delay to the launch of its Mars-bound Perseverance rover. In a message posted on the rover’s own Twitter account on Tuesday, June 30, the space agency said that due to processing delays in uniting the rover with the United Launch Alliance's Atlas V rocket, the first launch effort at Cape Canaveral in Florida would now take place no earlier than July 30.

Due to processing delays in preparations to unite me with the rocket, my first launch attempt will be no earlier than July 30. @NASA and @ulalaunch are working to update the target launch date and have been able to expand the launch period until Aug. 15.
— NASA's Perseverance Mars Rover (@NASAPersevere) June 30, 2020

Read more
Cyberpunk 2077 release date pushed back again
Cyberpunk 2077 Johnny Silverhand

The highly anticipated game Cyberpunk 2077 has been delayed again, according to developer CD Projekt Red.

In a tweet, the developer said Cyberpunk 2077 will now launch on November 19, a two-month delay from its earlier September 17 launch date. The company said that it "won't ship something which is not ready."

Read more