Norwegian security firm Norman Shark said Monday that...
Norwegian security firm Norman Shark said Monday that evidence from its investigation into cyberattacks on Norwegian telco Telenor and Pakistan’s government shows the ongoing series of attacks are originating in India. Norman Shark began investigating after Telenor reported to police…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
it was the victim of unlawful computer intrusion; Telenor had been infected through spear phishing emails that targeted its upper-level management. Norman Shark said its analysts found “surprisingly large” amounts of malware that matched the malware used in the Telenor attack, indicating it was part of a larger effort to compromise governments and corporations. The attacks targeted victims in more than a dozen countries, including government, military and corporate targets, Norman Shark said. The firm determined the attacks originated in India based on an analysis of IP addresses, website domain registrations and identifiers within the malware. The attacks, which Norman named “Operation Hangover,” relied on known vulnerabilities in Microsoft Word documents, Java and Web browsers; such attacks have previously mostly originated in China, the firm said (http://bit.ly/11QS20y). The attack “may have employed multiple developers tasked with delivering specific malware,” said Snorre Fagerland, Norman Shark’s head of research, in a news release (http://bit.ly/1179QNo). The word “Appin” appears in a “great number of isolated cases and contexts” within evidence of the attacks, which may have a connection with India’s Appin Security Group, Norman said in the report. Norman said it is not suggesting Appin is involved in “inappropriate activity,” noting that “getting to the bottom of that is beyond our visibility.” Appin did not respond to a request for comment, but a notice on its website said it believes “some individuals/entities are misusing the good name of ASG/Appin/Appin Security Group.” Appin said the public should not “be misled by any communication through fictitious domains” that claim to be from the company (http://bit.ly/18cJaRI). Norman Shark has previously investigated other cyberattacks; it issued a report in November detailing a series of attacks on Israeli and Palestinian targets that had lasted at least a year (http://bit.ly/W3DD8b). The firm had previously been part of Norman ASA, which split in two in late 2012; Norman Shark focuses on cybersecurity in the enterprise market, while Norman Safeguard focuses on consumers in Europe, a spokesman said.