FireEye, Inc. (NASDAQ: FEYE) said it has released a new report detailing cyber espionage attacks on European Ministries of Foreign Affairs (MFA).
The report, Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs, is available for download from http://www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf.
The cyber espionage campaign, dubbed “Operation Ke3chang” by FireEye researchers, used the Syrian crisis as a lure, falsely advertising updates about the ongoing situation in order to compromise MFA networks in Europe. FireEye research has discovered that the attackers are likely operating out of China and have been active since at least 2010. However, the Syria-themed attacks against MFAs began only in August 2013. The timing of the attacks precedes a G20 meeting held in Russia that focused on the crisis in Syria.
FireEye gained visibility into one of 23 known command-and-control (CnC) servers operated by the Ke3chang actor for about one week. During this time, FireEye discovered 21 compromised machines connecting to the CnC server. These included what appeared to be three administrative tests by the attackers and two connections from other malware researchers. Among the targets, FireEye identified nine compromises at government ministries in five different European countries. Eight of these compromises were at MFAs.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle.