Skip to main content

Kaspersky fingers ‘Poseidon’ for attacks dating back to 2001

A pair of hands on a laptop keyboard with two displays.
The first ever Portuguese-speaking targeted attack group responsible for a decade-long series of cyber attacks has just been revealed in a new report from Kaspersky Lab. The security firm is pointing toward an individual or group referred to as “Poseidon” as the source of this campaign, which has largely targeted corporate victims across a range of different industries.

It’s thought that Poseidon went relatively unnoticed during that period because its various attacks were not previously linked to one another. Security firms and enthusiasts alike spotted individual cases, but it wasn’t until last year that Kaspersky’s Global Research and Analysis Team — otherwise known as GReAT — managed to put the pieces together.

Poseidon targeted companies with spear-phishing emails containing attached RTF files (Rich Text Format) and Microsoft Word documents. These messages were typically directed toward human-resources workers, and contained malware that enabled the attacker to thoroughly explore the topography of the target network, according to a report from PC World.

From there, Poseidon would steal intellectual property and trade secrets, which could then be used to blackmail the target. Organizations have been coerced into taking on the services of the Poseidon Group as a security firm, who would supposedly help fix the problems they were experiencing — of course, malware was often left behind for future usage.

Kaspersky reports that Poseidon made attacks on government institutions, banks, telecommunications firms, and media groups, among others. Its activities have been traced back to at least 2005, but the oldest sample found suggests that the scheme was in the works as early as 2001.

Poseidon survived this long by making regular changes to the way it perpetrated attacks, something that will be more difficult now that Kaspersky has a handle on its methods. As part of the company’s research into the group, the security researchers contacted affected organizations with information on how to defend themselves going forward.

Editors' Recommendations