Jahanzaib Hassan
Thanks to ex-NSA spy, Edward Snowden, we all know that Governments use several hacking tools and malware to spy on public and most of the times they get away with that, but here is a plot twist. A group of hackers called “Calisto” exploited a malware previously used by the Italian surveillance firm, Hacking Team, to hack into UK’s Foreign Office network.
The Hacking Team is a Milan-based firm providing spyware and other hacking tools to governments around the world, but in 2015, the firm suffered a massive breach after which 400 GB of its data was leaked online. After the leak, the firm warned that “terrorists” could use their RCS Spyware. Now, as per reports, the Foreign Office of the UK was targeted multiple times in the last year, and these attacks began since the April of 2016.
F-secure- a cybersecurity firm was conducting the investigation on this matter and found that the hackers were conducting “Spear-phishing,” campaign against their target. Hackers were also trying to gain the victims’ personal information and credentials by sending them fake emails which were then supposed to download the final Payload.
The firm discovered that “In all known malicious attachments, the final payload was a variant of the ‘Scout’ tool from the Hacking Team Remote Control System (RCS) Galileo hacking platform.”
“Scout” is a tool used by the Italian Hacking Team for surveillance purposes.
The masterplan
If you think that this was just an ordinary “phishing” campaign, then think again! It was a much more sophisticated attack. “Callisto group” created numerous web addresses similar to the legit ones of the Foreign Office website. They even created similar webmail addresses.
Though the UK’s National Cyber Security Center (NCSC) did not mention culprits behind this attack, F-secure believes that “Callisto group” was responsible.
According to NCSC officials,”The first duty of government is to safeguard the nation, and as the technical authority on cyber security, the NCSC is delivering groundbreaking innovations to make the UK the toughest online target in the world. The government’s Active Cyber Defence program is developing services to block, prevent and neutralize attacks before they reach inboxes.”
Whether the attack was successful or not is still a mystery, BBC reports that the most sensitive information of Foreign Office is safe.
The big Picture
According to F-secure, Callisto group was previously targeting “military personnel, government officials, think tanks and Journalists” all across the Europe.
An anonymous source told the BBC that the hackers might have been involved in influencing the latest US election, as he found two phishing domains linked to an IP address which was mentioned in a US government report. However, conclusive evidence of the involvement of Callisto is still yet to be found.
On a further investigation, the security firm found a resemblance between previously Russian attacks and the Callisto’s attacking methods, which could mean that the group is somewhere from Russia as well. The motive behind these attacks are still unclear, but one thing is sure, the Hacking group is up to something massive!
Source: F-Secure | Coverage: BBC