There is a large-scale malware and cyber-espionage operation related to high-profile attacks and government system breaches, researchers said.
“Hangover” originated in India and is a highly sophisticated and professional operation, said researchers from Norwegian security firm Norman. The attack is not a state-sponsored operation but rather an act of a private-sector group.
“It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States,” the researchers said.
“It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations.”
The Hangover operation includes targeted attacks on organizations in the UK, Germany, Austria, China and Thailand, among other countries in Europe, Asia and the Middle East. Researchers believe the attacks primarily target operations by using spear phishing attacks that give the attackers network access.
Most notably, the attack connected to a mysterious malware outbreak found targeting OS X systems. The attack, first uncovered by researchers at a privacy convention in Oslo, Norway, was on the Macbook of a delegate from Africa. Norman researchers also believe the operation is using mobile malware no one knows anything about.
If what the researchers said is true and there is a private organization running this level of a sophisticated attack, it will bring a new level of vigilance for potential victims.
“All indications point to private syndicates of threat actors following their own motivations,” the researchers said. “With no direct evidence of state sponsorship by the Indian government or by any other nation.”