According to data from researchers of online security company Kaspersky Lab, a small, highly sophisticated international hacking group that takes in contracts, are most likely responsible for the high-profile information theft and spying attacks done on members of the Japanese Parliament, where it was once attributed to full-time government employees and Chinese hackers.
“What we have here is the emergence of small groups of cyber-mercenaries available to perform targeted attacks,” said Kaspersky’s global research director, Costin Raiu, in an interview. “We actually believe they have contracts, and they are interested in fulfilling whatever the contract requirements are,” he said. Local officials and Japanese media have all, at one time or another, attributed the espionage attack on the Diet to Chinese hackers, but even then, very few details had been provided. Kaspersky’s research has linked the attacks to this new group, although they were unable to confirm if the Chinese government contributed to the attack.
In a report released on Wednesday, Kaspersky said that its own group of researchers had found access to many of the command computers used in the hacking campaigns, showing logs and other material that pointed to a long list of intended victims. They did confirm that some comments within the attack programs and the names of some internal files were in simplified Chinese, although members of the group were also using Japanese and Korean language. Kaspersky believes that the group has a presence in all three countries. In most of their campaigns, the hacking group usually starts with an email attachment, hoping to find access to a computer using an unpatched version of Windows. They then move to explore information from these unprotected terminals and steal information.