Tech

Russian cyberspies Pawn Storm add Turkey to the target list

The Russian cyberespionage group has added Turkish political targets to the list.

Written by Charlie Osborne, Contributing Writer March 8, 2016 at 2:13 a.m. PT

Cyberattack group Pawn Storm have added Turkish political targets to an ever-increasing list of people to spy upon for the benefit of Russia.

On Monday, Trend Micro researchers said in a blog post that Pawn Storm, well-known for spying upon political targets across the world, is now targeting several government offices -- including the Prime Minister's office and the Turkish parliament -- as well as one of the largest media publications in the country.

Pawn Storm's cyberattacks, aimed at compromising networks and systems for the sake of cyberespionage, often correlate to Russian politics. The group, believed to be state-sponsored, has attacked a diverse range of targets in the past including the military, diplomats, journalists, developers and political descendants.

Security

Pawn Storm often uses established vulnerabilities in software to compromise systems. Adobe Flash exploits contained within spear phishing emails have been used when targeting the systems of foreign ministries, for example, and a zero-day vulnerability based on Java was used last year to target the North Atlantic Treaty Organization (NATO) members and the White House.

In Turkey's case, Trend Micro believes the attacks are the result of previous criticism over Russia's conduct in Syria. There are a number of factors which could have led to Pawn Storm turning its eyes upon Turkey, including the Turkish Air Force's shooting of a Russian jet over Turkish airspace close to the Syrian border, internal disputes with Kurdish forces and the refugee crisis -- of which those seeking refuge are using Turkey as an entry point into Europe.

The cyberattackers have targeted the Directorate General of Press and Information of the Turkish government, the Grand National Assembly of Turkey, the Turkish newspaper Hürriyet and the office of the Prime Minster of Turkey, among others.

In one example, the researchers spotted the cyberespionage group using a series of fake Microsoft Outlook Web Access (OWA) servers to launch phishing campaigns against target countries.

Each server is setup for specific targets, and combined with social engineering techniques, Pawn Storm has been working to dupe employees at the Turkish organizations to hand over their Web credentials before deploying surveillance software to keep track of targets.

Trend Micro warned Turkish authorities of the attacks, which were mitigated in time -- but it is unlikely that in the current political climate that cyberattacks aimed at stealing politically sensitive information will stop anytime soon.