CYBERTINEL, the Israel-based developer of a signature-less endpoint security platform, has succeeded in stopping the Harkonnen Operation, a 13-year-old massive cybercrime network which has already penetrated hundreds of blue-chip companies, government institutions, research laboratories and critical infrastructure facilities throughout the DACH (Germany, Austria, Switzerland) region.
The company states that its systems protect organizations against advanced persistent threats and zero-day attacks. Its multi-layer, signature-less endpoint security platform automatically uncovers sophisticated cyber-attacks and provides immediate countermeasures. CYBERTINEL’s endpoint security platform is used by homeland security, government and public agencies, infrastructure and utility service providers and industrial and financial organizations.
CYBERTINEL discovered the Harkonnen Operation at one of the network’s targets when it implemented its endpoint security platform across the organization, a prominent, well-established German company which holds sensitive data on behalf of its international clients. Trojans siphoning critical information were detected immediately, and further investigation led to the source of the breach, revealing that the original domain was registered by a UK company and that a further 833 companies were also registered in the UK.
This specific attack has proven to be just the tip of an international cybercrime iceberg. CYBERTINEL has since found records of the Harkonnen Operation on more than 300 additional organizations in Germany, Austria and Switzerland, targeting key executives. Further investigations are expected to reveal that the security mechanisms of companies in other European countries, including the UK, will also have been breached.
The attack was initiated using a ‘spear phishing’ penetration and executed by running two system Trojans created in Germany. Once planted in workstations at targeted companies, the Trojans were able to deliver sensitive and confidential data to the cybercrime network.
“The network exploited the UK’s relatively tolerant requirements for purchasing SSL security certificates, and established British front companies so they could emulate legitimate web services,” said Jonathan Gad of Elite Cyber Solutions, CYBERTINEL’s UK partner. “The German attackers behind the network then had total control over the targeted computers and were able to carry out their espionage undisturbed for many years.”
CYBERTINEL’s forensic analysis has been able to follow the digital traces all the way back to the individuals behind the operation and has provided these details to its customer, which is now working with German police investigators.