9 State-Funded Hacker Groups

The internet is increasingly becoming the battlefield of modern warfare. Before you is a translation of an article by Lance David Leclair, one of the authors of the blog www.listverse.com.

Hacker groups today are a very real threat. And we are not talking about amateur hackers, but about serious, professional hacking groups working for various governments. These groups are funded by their states and are able to penetrate media networks, the networks of large corporations, military agencies and governments... penetrate them and wreak havoc.

The situation is so serious that it has already been called "another Cold War", and this war is truly global, even though not everyone sees it. But it will not be long before cyber attacks are regarded as real military action.

1. "Syrian Electronic Army" (Syria)

The world first heard of the "Syrian Electronic Army" in 2011. The group is mainly composed of students from Syrian universities who engage in propaganda in favor of Syrian President Bashar al-Assad. The victims of their attacks have included major news agencies such as the New York Times, various Twitter accounts, and even the Onion.



In 2013 the group also carried out successful attacks on CNN, the Washington Post and Time. And once the group managed to convince the public that there had been an explosion at the White House and that President Barack Obama had been injured. The news briefly disrupted the stock market, and the Dow Jones index fell sharply.

It is also known that the hackers are involved in darker deeds, such as harassing people who do not support Assad. In its work the group often uses so-called "spear phishing", a method based in part on social engineering, whose main aim is to trick the user into giving up passwords or other confidential information. To do this, users are often directed to fake websites created specifically for phishing.

In November 2014 the group returned and compromised a large number of sites that use a particular content delivery network. A pop-up window appeared on the websites with the message: "You have been hacked by the Syrian Electronic Army".

2. "Tarh Andishan" (Iran)

In 2009 Iran's computer infrastructure was seriously compromised by an attack from the widely publicized worm called Stuxnet. Iran responded by using its hacking capabilities both for simple actions against websites and for full-scale cyberwarfare. This is how the state-funded hacker group "Tarh Andishan" appeared (the name means "thinkers" and "innovators" in Farsi).

The group gained fame from "Operation Cleaver", which was carried out in 2012 and targeted at least 50 different organizations around the world working in the military, commercial, educational, environmental, energy and aerospace fields.

The group also attacked major airlines and, in some cases, even managed to gain full access to airport infrastructure and control systems.

The cybersecurity company Cylance has yet to reach a conclusion about the group's long-term goals. It has published a report on Tarh Andishan, but the report presents only part of the group's activities, since "Operation Cleaver" already at that time represented "a serious threat to the physical safety of the world".

According to Cylance, the infrastructure available to Tarh Andishan is too large to be the work of one person or a small group. Tarh Andishan uses advanced techniques such as SQL injection, the latest exploits, backdoors, and more. The group is believed to have about 20 members, most of whom are located in Tehran, with individual members in Canada, the Netherlands and the UK. The group's victims are in the US, Central America, parts of Europe, South Korea, Pakistan, Israel and some other regions of the Middle East.

3. "Dragonfly" / "Energetic Bear" (Eastern Europe)

The group that Symantec calls "Dragonfly", and that other companies call "Energetic Bear", operates from Eastern Europe and since 2011 has mainly attacked energy companies. Before that, its targets were the airline and defense industries in the US and Canada. Symantec says that the hacker group "has all the hallmarks of state funding and demonstrates a high degree of technical capability".

"Dragonfly" uses trojans, such as its own Backdoor.Oldrea and Trojan.Karagany. This is spyware that allows the group to monitor the energy sector, although the group's methods can also be used for industrial sabotage. The malware is usually attached to phishing e-mails, although the hackers have recently improved their targeting methods and now use special websites where a series of redirects is applied until Oldrea or Karagany lands on the victim's system.

And in the later stages of their campaign the hackers even learned how to infect legitimate software, so that it can be downloaded and installed as usual but will contain a malicious program.

The "Dragonfly" campaign (like the Stuxnet worm before it) was one of the first serious attempts to directly control industrial control systems. Unlike Stuxnet, whose target was only the Iranian nuclear program, the actions of "Dragonfly" were much broader: they involved long-term espionage and offered a great opportunity for serious industrial sabotage.

4. "Tailored Access Operations" (USA)

After Stuxnet, the US was not going to fall behind in cyber warfare and spy games. The country reserves the right to "use all necessary means - diplomatic, informational, military and economic - as appropriate and in accordance with applicable international law".

The state-funded American hacker group called "Tailored Access Operations" is run by the US National Security Agency.



It is because of this group that Edward Snowden became known, after reports appeared in the German magazine Der Spiegel that the NSA was listening in on thousands of telephones in the United States and abroad.

Since at least 2008, the group has been able to intercept deliveries of personal computers (into which spyware is then placed) and to exploit software and hardware vulnerabilities to break into even such serious corporations as Microsoft.

Now the organization does not really hide, and its employees are even listed on LinkedIn. Its headquarters, with 600 employees, is located in the main NSA complex in Fort Meade, Maryland. To get an idea of their current activity, it is enough to ask Dean Schyvincht, who claims to be a senior network operator in this group from the Texas office. He says that in 2013 "more than 54,000 global network operations meeting the requirements of the national security services" were carried out, and that all of this was done by a staff of 14 people under his direct supervision.





5. "Ajax Security Team" / "Flying Kitten" (Iran)

"Ajax" originated in 2010 and was initially a group of "hacktivists" and website defacers from Iran. But from "hacktivism" they moved on to cyber espionage and the exposure of political dissidents.

They deny having state support, but many believe that they were hired by the government of Iran; in addition, the group tries to draw the government's attention to its public activities, clearly hoping for state funding.

The company FireEye believes that it was the "Ajax Security Team" that undertook what is now known as "Operation Saffron Rose". It was a series of phishing attacks and attempts to spoof Microsoft Outlook Web Access and VPN pages in order to obtain user credentials and information on the US defense industry. The group also exposes dissidents by offering them services that are supposedly free from censorship.

6. "Unit 61398" / "Comment Crew" / "Putter Panda" (China)

In 2013 the company Mandiant published a report which concluded that a group working for the elite Chinese military Unit 61398 had stolen hundreds of terabytes of data from at least 141 organizations around the world.

Mandiant backed up this claim with evidence, such as the Shanghai IP addresses of the computers. In addition, the attacking computers used Simplified Chinese language settings, and there was plenty of other evidence that many people, not automated systems, were behind all this.

China has denied all the accusations, saying that the report "is not based on facts" and that it shows a clear "lack of technical evidence".



Brad Glosserman, executive director of the Center for Strategic and International Studies Pacific Forum, rejected this, stating that the evidence is sufficient. Mandiant even knows where most of the attacks originated: a 12-storey building near Shanghai, where the hackers had access to powerful fiber optic cables.

To date, about 20 high-class hacker groups are reported to be from China, and at least some of these groups may belong to the Chinese People's Liberation Army. These include "Comment Crew" and "Putter Panda", hacker groups that have been active since 2007 and that allegedly operated out of buildings owned by the Chinese People's Liberation Army.

7. "Axiom" (China)

A coalition of cybersecurity-related groups, which included Bit9, Microsoft, Symantec, ThreatConnect, Volexity and other companies, identified a dangerous hacker group, which they called "Axiom".

This group specializes in corporate espionage and exposing political dissidents, and may also have been behind the attacks on Google in 2010. "Axiom" is believed to be a group from China, but so far nobody has been able to determine which part of China it operates from. The coalition's report says that the work of "Axiom" overlaps with the "area of responsibility" of Chinese intelligence and the Chinese government. This claim is also supported by a short FBI message that was published on InfraGard.

The report describes "Axiom" as a subgroup that is part of a larger, still unknown group, which has existed for more than six years and attacks mostly private companies that have a significant impact on the world economy. Its methods vary widely, ranging from massive virus attacks to complex exploits that take years to develop. The group's targets also include Western governments, various democratic institutions and dissidents both inside and outside China.

8. "Bureau 121" (Pyongyang, North Korea)

By now much has been heard about the attack on Sony Pictures by hackers calling themselves "Guardians of Peace". The group was very upset about "The Interview", a new film that depicts the killing of North Korean leader Kim Jong-un. "Guardians of Peace" even threatened new attacks in the style of September 11, which would allegedly take place in cinemas and other Sony facilities if "The Interview" were still shown.

"Guardians of Peace" wrote: "Whatever happens in the coming days, this is called 'greed of Sony Pictures Entertainment'. The whole world will condemn SONY".

All this led to North Korea being blamed for the attacks. References began to appear in the media to a group now known as "Bureau 121". "Bureau 121" is believed to be a group of North Korean hackers and computer experts for conducting cyberwarfare. Defectors have claimed that this group belongs to the Main Intelligence Bureau, a military body of North Korea.



With government support, the group carries out hacker attacks and sabotage against South Korea and against its perceived enemies, such as the United States. In 2013 this group was responsible for an attack on 30,000 computers in banks and TV stations in South Korea.

According to some reports, "Bureau 121" has 1,800 employees, who are considered an elite and are given numerous financial incentives, such as a high salary and the opportunity to move their families to Pyongyang, where employees are allocated apartments. Defector Jang Si-Yul told the Reuters news agency that he had studied with members of this group at North Korea's University of Automation. He also said that the group has foreign branches.

9. "Hidden Lynx" (China)

"Hidden Lynx" (the name given by the company Symantec) is one of the newest active hacker groups. A 2013 report describes "Hidden Lynx" as a group of very organized and experienced hackers (numbering from 50 to 100) who have vast resources and the great patience needed to make use of them. The group regularly uses (and possibly creates) the latest hacking techniques, one of which was used in 2013 to penetrate the "cloud" of the security firm Bit9 in order to gain access to its customers' data.

But these people do not just steal identities. They also break into targets that are considered among the most secure in the world. These include the defense industry, major corporations and the governments of major powers. The sources of the attacks may be in the United States, China, Taiwan and South Korea.

Many signs point to "Hidden Lynx" having come from China, but it is still unclear whether the state finances them or whether they are simply a very powerful group of mercenaries. However, their advanced skills and techniques, as well as the fact that all of their infrastructure, including command and control servers, is located in China, make one doubt that the group manages without state support.

via factroom.ru
