informa
1 min read
News

Cyber Criminal By Day, Cyber Spy By Night?

New research shows link between espionage malware, Black Hat SEO, and RSA attackers.
Anonymous: 10 Facts About The Hacktivist Group
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
New research appears to raise questions over the conventional wisdom that pure nation-state cyberspies rarely dabble in traditional financial cybercrime. Dell SecureWorks Wednesday shared details of a complex study it conducted of two families of espionage malware that have infected government ministry computers in Vietnam, Brunei, Myanmar, Europe, and at an embassy in China.

Joe Stewart, director of malware research for SecureWorks counter threat unit research team, and his team dug into the domains shared by these malware families, which appear to have been registered by an individual whose physical address they traced to a P.O. box in the fictional location of "Sin Digoo," California.

The domains were registered under the names of "Tawyna Grilth" and "Eric Charles" with a specific Hotmail address during 2004 and 2011. Malware samples using the Tawyna Grilth domains are tied to advanced persistent threat (APT) activity, according to SecureWorks. But the researchers also found that "Tawnya's" domain hosted a Black Hat search engine optimization service.

[ See our complete RSA