Allegations of state-sponsored cyberattacks have been in the news lately, including alleged Russian hacks during the recent U.S. elections. These allegations are sometimes based on the code used to break into systems, and sometimes due to the sheer scale and sophistication of attacks that could only be brought by government agencies.
One such large-scale cyberattack, dubbed “Operation BugDrop,” seems to have been perpetrated against targets in Ukraine, as reported on its blog by security firm CyberX. The attack went after at least 70 victim organizations and stole huge amounts of sensitive information using a number of methods including one attack vector — the PC microphone — that is very difficult to guard against.
According to CyberX, Operation BugDrop, so named because the microphones of target PCs were “bugged,” used compromised Microsoft Word documents to install malware capable of eavesdropping and capturing hundreds of gigabytes of data. The firm described Operation BugDrop a “well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources.”
Chief among those resources appear to be a very large and sophisticated infrastructure enabling the attackers to decrypt and analyze massive amounts of data — up to several gigabytes each day — and then store it in a massive cache of data. As CyberX points out, it’s not just a machine-driven attack because the stolen data requires many human analysts to comb through and make sense of it. While state involvement isn’t guaranteed, it is likely.
Most of the targets were organizations located in Ukraine, including companies involved in engineering and designing oil and gas distribution facilities, human rights organizations, newspaper editors, and more. A smaller number of organizations in Russia, Austria, and Saudi Arabia were also targeted. Stolen data appears to include audio recordings, screenshots, documents, and passwords.
Operation BugDrop serves to highlight the growing importance of well-organized and heavily financed cybercrime operations aimed at private and governmental organizations and capable of accumulating and analyzing massive amounts of proprietary information. CyberX concludes, not surprisingly, that organizations need to be diligent in monitoring their networks and applying more modern technologies to identify and respond to these increasingly sophisticated attacks.