Cyber espionage group Pawn Storm has launched further attacks on U.S. allies, according to a Trend Micro blog post on Wednesday.
Trend Micro discovered that in April, Pawn Storm targeted Germany again through an attack on the German Christian Democratic Union (CDU), Chancellor Angela Merkel’s political party. This is the cyber group’s second attack against the country, as it attacked and compromised computers of the German Bundestag (Parliament) using data-stealing malware in April 2015.
“In past Pawn Storm attacks, we’ve seen credential theft result in downloads of complete online inboxes, along with the establishment of secret email forwarding for continuous monitoring,” said Christopher Budd, global threat communications manager for Trend Micro.
Previous reports show that Pawn Storm primarily targets military, embassy, and defense contractor personnel from the United States and its allies, which include Germany. This attack targeted personal email accounts of members of the CDU from multiple angles, phishing for credentials using a fake email server set up in Latvia.
A January Trend Micro report found that Operation Pawn Storm had targeted the following:
- NATO and the organization’s member states.
- Government, military and media entities in the U.S.
- Government, military and media entities of U.S. allies.
- Russian dissidents/political opponents of the Kremlin.
- Russian citizens across different civilian industries and sectors.
- Ukrainian activists.
- Ukrainian media.
- Ukrainian military and government.
- Governments in Europe, Asia and the Middle East.
“As per their standard MO, Pawn Storm continues to launch sophisticated attacks against entities whose views are potentially in opposition to Russia,” said Budd.
In March, Pawn Storm attacked the Turkish government, which lends credence to the assertion that Pawn Storm is targeting those governmental entities that are perceived to be a threat to Russia or question Russian actions. Pawn Storm’s cyber espionage activity can be traced to 2004.