One of the fastest growing threats to civil society and nations today is hacker groups, motivated by a variety of reasons. While some of these groups engage in hacktivism and bring critical information into the spotlight, others are state sponsored and work on a government's behalf, with the intention of information theft and cyber warfare targeted at governments, corporations, media networks and even the security agencies tracking their movements. Various cybersecurity agencies and experts refer to the situation as a ‘Cold War’ that is neither visible nor reported. Below are the six most notorious hacking groups from around the world that are active today.
1. Deep Panda
Deep Panda is deemed one of the most advanced and skillful teams of hackers working specifically for the strategic interests of the Chinese government. The group is known for targeting and successfully infiltrating government, defense, telecommunications, financial and legal networks.
US cyber security firm Crowdstrike reported that in the last year alone there have been countless reports of cyber-attacks carried out by Deep Panda. In early November 2014, Deep Panda allegedly hacked into Australian media sites in order to understand the media environment around the G20 Summit, held on November 14 in Brisbane. Earlier in the year, the group attacked high-ranking US security personnel with expert knowledge of Iraq and the Middle East. The team at Crowdstrike stated that the attack came after ISIS took control of major parts of Iraq, threatening the disruption of Chinese oil imports from Iraq, which constitute the fifth largest share of oil exports from the Middle Eastern country. Because of this string of operations, Crowdstrike has ranked Deep Panda among the most advanced Chinese nation-state cyber espionage groups.
2. Putter Panda
Putter Panda is a cyber espionage group operating out of Shanghai, most likely on behalf of, and sponsored by, the Chinese People’s Liberation Army. The domains used to spread the Putter Panda malware are registered to a physical address matching the Shanghai headquarters of the 12th Bureau of the People’s Liberation Army. According to Crowdstrike, a US cyber security firm, the group has been responsible for carrying out hacking campaigns in an effort to steal military and trade secrets, along with patents and intellectual property, from foreign companies.
The hackers are known to exploit popular applications like Adobe Reader and Microsoft Office in spear phishing attacks that deliver custom malware to American and European public and private sector organizations. Crowdstrike’s report further details Putter Panda’s extensive use of a wide range of tools, including Remote Access Tools (RATs), to orchestrate various intelligence-gathering operations, with a particular focus on space technology.
3. Flying Kitten
Flying Kitten is an Iran-based hacker group, seemingly working on behalf of the Iranian government. Formerly a known hacktivist group called the Ajax Security Team, Flying Kitten is best known for targeting US defense contractors and Iranian political dissidents.
The hacker group has been on the radar of two US security firms, FireEye and Crowdstrike, since its days of political activism as the notorious Ajax Security Team, noted for defacing websites. In the last year, its focus has shifted to more high-profile, targeted attacks. According to experts at Crowdstrike, the group most probably caught the attention of the government, or of a private player operating on its behalf, which recruited it to carry out cyber-attacks in Iranian interests. The security firms observed that the group’s modus operandi is to deliver malware and steal data. The hackers replace the login page of a targeted organization’s website with a fake one that grabs credentials when users log in and then redirects the user to another page, which downloads a malware file. This downloaded file is a stealer that sends the harvested data out through an FTP server.
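The credential-theft chain described above (fake login page, redirect to a malware download, exfiltration over FTP) leaves a recognisable sequence in proxy and firewall logs, so a defender can correlate the three stages per workstation. The following is an added detection example written for this page; it is not code from the article or from any of the firms it cites. The log format, the trusted-domain list and the sample lines are all constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log (not real data). Each line: timestamp, source host,
# action (POST/GET/FTP) and a detail field (URL or remote endpoint).
# ws-101 logs in to the corporate login page and later uses FTP for an
# unrelated reason; ws-102 follows the full phishing chain.
SAMPLE_LOG = """\
2015-01-20T09:00:01 ws-101 POST https://login.example-corp.com/auth
2015-01-20T09:02:10 ws-102 POST https://login.example-c0rp.net/auth
2015-01-20T09:02:12 ws-102 GET https://cdn.example-c0rp.net/update.exe
2015-01-20T09:03:40 ws-102 FTP 203.0.113.45:21
2015-01-20T09:10:00 ws-103 GET https://intranet.example-corp.com/index.html
2015-01-20T09:15:00 ws-101 FTP 198.51.100.7:21
"""

# Assumed allow-list of domains where the organisation legitimately accepts credentials.
TRUSTED_LOGIN_DOMAINS = {"login.example-corp.com"}
EXEC_SUFFIXES = (".exe", ".scr", ".dll")
LOGIN_PATH_HINTS = ("login", "auth", "signin")
WINDOW = timedelta(minutes=10)  # all three stages must fall inside this window


def parse_log(text):
    """Turn the constructed log text into (time, host, action, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, action, detail = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), host, action, detail))
    return events


def is_untrusted_login_post(action, detail):
    """Stage 1: credentials posted to a login-looking path on a non-trusted domain."""
    if action != "POST":
        return False
    url = urlparse(detail)
    looks_like_login = any(h in url.path.lower() for h in LOGIN_PATH_HINTS)
    return looks_like_login and url.hostname not in TRUSTED_LOGIN_DOMAINS


def is_exec_download(action, detail):
    """Stage 2: a GET whose path ends in an executable extension."""
    return action == "GET" and urlparse(detail).path.lower().endswith(EXEC_SUFFIXES)


def find_credential_theft_chains(text, window=WINDOW):
    """Return {host: [stage1, stage2, stage3 details]} for hosts that show the
    untrusted login POST -> executable download -> outbound FTP sequence in order,
    all within `window` of the initial POST."""
    by_host = {}
    for ev in parse_log(text):
        by_host.setdefault(ev[1], []).append(ev)

    hits = {}
    for host, evs in by_host.items():
        evs.sort()
        for i, (t0, _, a0, d0) in enumerate(evs):
            if not is_untrusted_login_post(a0, d0):
                continue
            stage, chain = 1, [d0]
            for t, _, a, d in evs[i + 1:]:
                if t - t0 > window:
                    break
                if stage == 1 and is_exec_download(a, d):
                    stage, chain = 2, chain + [d]
                elif stage == 2 and a == "FTP":
                    stage, chain = 3, chain + [d]
                    break
            if stage == 3:
                hits[host] = chain
    return hits


if __name__ == "__main__":
    for host, chain in find_credential_theft_chains(SAMPLE_LOG).items():
        print(f"{host}: {' -> '.join(chain)}")
```

The ordering requirement is what keeps the false-positive rate down: a workstation that merely downloads an installer, or merely opens an FTP session, never matches. Only ws-102, which posts credentials to a lookalike domain and then fetches an executable and opens FTP within the window, is flagged; ws-101's FTP session is ignored because its login went to the trusted domain.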
Another security firm based in Silicon Valley, Norse, has stated in its report that since Iran does not have the military capacity to engage in conventional warfare at scale, Iranian hacker groups such as Flying Kitten are often allowed to partake in financial crimes and state sponsored crimes. So far the greatest concentration of Iranian attacks has been recorded in the US, and there have been confirmed attacks in the UK, Israel, Germany and Canada as well.
4. Energetic Bear/Dragonfly
Dragonfly, or Energetic Bear, is a hacker group apparently operating out of Eastern Europe since around 2011. Energetic Bear was the name initially given to the group by Crowdstrike, which reported that the attacks were most probably carried out for Russia’s benefit and therefore concluded that the hackers were of Russian origin. However, Kaspersky Lab later found traces of French- and Swedish-speaking players and called the group Dragonfly.
According to reports by Kaspersky Lab, the group was notorious for attacking defense and aviation networks in the US and Canada before it took an interest in energy firms in Europe and America. The report confirmed 2800 attacks carried out around the globe and identified 101 targeted organizations, mainly in the US, Germany, Spain, Japan, Italy, Turkey and China.
The group uses Remote Access Trojans (RATs), especially its own Backdoor.Oldrea and Trojan.Karagany, and other malware tools to spy on energy firms. The tactics suggest that the group has extensive experience in industrial sabotage. The malware is usually attached to phishing e-mails or delivered through the group’s recently upgraded ‘watering hole’ attacks, which compromise websites that the target visits frequently. The targets are then redirected several times until Oldrea and Karagany can be introduced onto their systems. The group has also been known to infect legitimate software, which would then be downloaded onto millions of systems along with the malware.
5. Syrian Electronic Army
The Syrian Electronic Army is yet another politically motivated hacker group, working on behalf of Syrian president Bashar Al Assad. In the last year, at the height of the Syrian Civil War, the group has been responsible for hacking countless websites and social media profiles, mainly those of the US media.
Cyber intelligence firm IntelCrawler, which has been tracking the movements of the group, stated that the hackers are mostly based out of universities in Syria, with some links to the Lebanon-based militant group Hezbollah. The group officially denies any connection to the Syrian government, though it has stated that information is passed to the Assad government from time to time.
The group says its main objective is to show the truth about Syria, and it mainly targets international media websites and social media channels. From the websites of top organizations such as Reuters, The Independent, the Washington Post and The New York Times to the Twitter handles of TIME and CNN, no Western media outlet on the web has been spared.
Their latest attack came early this month, when Le Monde’s Twitter account was hacked and the hackers began posting tweets such as “Je ne suis pas Charlie” (I am not Charlie). The group also condemned world leaders for taking part in the Paris march, which it called hypocritical. It also posted tweets in support of Palestinians, Syria and Africa, and later claimed responsibility for the intrusion with a tweet on its own Twitter account: “We have successfully hacked Le Monde and we will never fail to deliver our message of peace and anti-terrorism.” It further stated that the group condemns terrorism in France, but that French leaders support terrorism.
SEA says that its goal is to show the truth about Syria to the world, and that it will attack any organization publishing fake reports against Syria. It has also been known to intimidate journalists who write anything against the Syrian president Bashar Al Assad. However, cyber security experts tracking the group have stated that the main objective of the SEA is to gain international recognition and popularity.
6. Bureau 121
Bureau 121 is an elite, talented group of hackers working for the North Korean military, under the General Bureau of Reconnaissance, which manages clandestine operations for the army of the Hermit Kingdom. North Korea has a long history of poverty and military rule, along with condescending nuclear intentions and a fierce hatred against Western policies, culture and forward thinking. The country is also known for upholding its supreme leaders as godlike figures.
Despite the rampant poverty prevailing in North Korea, the country has heavily funded its cyber warfare efforts to gather intelligence against targets primarily in South Korea, the United States and Japan. Several North Korean defectors have stated that there are as many as 1800 cyber warriors in North Korea, who are among the most rewarded and therefore richest people in the country, living in swanky apartments in a posh, upscale part of Pyongyang. The leaders are said to be pouring resources into nuclear, cyber and military efforts while most of the population is forced to go hungry. Even internet access for the masses is heavily monitored and often controlled by the ruling forces. Besides the mainland of the Democratic People’s Republic of Korea, the country’s illicit cyber activities also leave footprints in China. US security agencies have labelled the city of Shenyang, in north-eastern China, a hacking hub for North Korea.
The group came under the international spotlight after the Sony Pictures hack in December 2014, which revealed confidential information about the employees of Sony Pictures, e-mails between employees, salaries of executive staff, and other related information. The hack was in retaliation for the anger caused by the movie ‘The Interview’, a comedy revolving around a plot to assassinate Kim Jong-Un, supreme leader of the DPRK. Although North Korea vehemently denied the hack, most cybersecurity agencies and the FBI confirmed that the hack originated from North Korea. Sony Pictures, which was the distributor for the film, canceled its release altogether.
Another favorite target of Bureau 121 is the state’s arch enemy, South Korea. In 2013, the group was responsible for targeting almost 30,000 PCs at South Korean banks and defacing government websites, leaving behind a banner saying “Long live General Kim Jong-Un, the President of Re-unification.” North Korea again denied its role in the attack but stated that it was a righteous deed.