Breaking News

SAMA Expands CPU Cooling Lineup with A60 and A40 Series Air Coolers for Gaming and Creator PCs The Lockerstor 12R Pro Gen2 and 16R Pro Gen2 are Here! TRUSTA Highlights SSD Power Efficiency for AI Servers at OCP APAC 2025 XPG Launches VALOR NANO Compact Cases with the All-New PYMCORE SFX PSU Speedlink announces illuminated mechanical 60% gaming keyboard

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

ICAO Hit by Major Cyberattack in 2016

ICAO Hit by Major Cyberattack in 2016

Enterprise & IT Mar 1,2019 0

The International Civil Aviation Organization (ICAO) was a victim of a large-scale cyberattack back in 2016, security researchers said.

According to ESET, in November of that year, a cyber-intelligence analyst at Lockheed Martin contacted the international organization after finding that cybercriminals took control of two of its servers.

The ICAO had been targeted by a watering hole, or an attack where a cyberattacker uses a website frequented by the intended target with an exploit. The analyst at Lockheed Martin emphasized that this attack could represent a “significant threat to the aviation industry.”

This cyberattack, has been linked to the APT LuckyMouse group, also known as Emissary Panda, APT27 and Bronze Union.

Preliminary analysis of the attack by Secureworks revealed deeper problems. This analysis, as reported by Radio-Canada, indicated that the attack went beyond the incident initially noted on two servers of the organization, and that the attack also affected “the accounts of the mail servers, domain administrator and system administrator”.

In the weeks following the attack, the e-mail account of an ICAO delegate was also compromised by hackers for sending messages, however, the media reports on the attack does not indicate if both incidents are linked.

Some issues with the communication and cooperation within the international organization seem to have led to delays in the thorough analysis of the attack by Secureworks, including the deciphering of an infected mail server, an important step in warning users whose security and data may have been compromised.

Once this server was decrypted, analysts were able to link this attack to an internal account in the organization. However, it is impossible to determine if this account was compromised by the attack.

According to ESET malware researcher Matthieu Faou, LuckyMouse specializes in water hole attacks, “this APT group scans the Web for vulnerable servers. These affected servers may allow it to compromise new victims later.”

The expert said that LuckyMouse uses various tools to reach its victims, who are often targeted in Central Asia and the Middle East. “In addition to using generic tools relatively accessible on the Web, the group has developed tools of its own, including a rootkit. Last year, they stole a digital certificate belonging to a legitimate company, used to sign its rootkit.”

Anthony Philbin, ICAO’s chief of communications, reassured the public following the revelations surrounding this cyberattack. He stated, following the CBC report, “We are not aware of the serious cyber security consequences for the external partners that would have resulted from this incident …”, adding that since the attack, “ICAO has made significant improvements to its cybersecurity framework and approaches to mitigate other incidents.”

Tags: cybercrimeCybersecurityCyber Attack
Previous Post
DeNA and SOMPO Holdings Announce New Car Sharing and Leasing Service
Next Post
Oculus Raises Quality Standards For New Quest Games

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Texas Courts Faced a Ransomware Attack

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • GoDaddy Discloses Data Breach

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

Latest News

SAMA Expands CPU Cooling Lineup with A60 and A40 Series Air Coolers for Gaming and Creator PCs
Cooling Systems

SAMA Expands CPU Cooling Lineup with A60 and A40 Series Air Coolers for Gaming and Creator PCs

The Lockerstor 12R Pro Gen2 and 16R Pro Gen2 are Here!
Enterprise & IT

The Lockerstor 12R Pro Gen2 and 16R Pro Gen2 are Here!

TRUSTA Highlights SSD Power Efficiency for AI Servers at OCP APAC 2025
Enterprise & IT

TRUSTA Highlights SSD Power Efficiency for AI Servers at OCP APAC 2025

XPG Launches VALOR NANO Compact Cases with the All-New PYMCORE SFX PSU
Cooling Systems

XPG Launches VALOR NANO Compact Cases with the All-New PYMCORE SFX PSU

Speedlink announces illuminated mechanical 60% gaming keyboard
PC components

Speedlink announces illuminated mechanical 60% gaming keyboard

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed