31 Oct 2012
The Georgian government published pictures of a Russian hacker who allegedly stole data from the country’s web sites, according to a Cyber Espionage report. The authorities managed to grab two webcam images of the Russian after luring him with a bogus “Georgian-Nato Agreement” ZIP archive. The bait was set up by the country’s Computer Emergency Response Team, and actually contained the hacker’s own secret spying program.
“Advanced malicious software was collecting sensitive, confidential information about Georgian and American security documents and then uploading it to some Command and Control Servers (which changes often upon detection),” reads the report. “After investigating attackers’ servers and malicious files, we have linked this cyber attack to Russian official security agencies.”
The sophisticated “Georbot Botnet” used 0-day vulnerabilities, embedding itself in links on major Georgian news sites, and changing specific news pages such as that of the NATO delegation visit in Georgia.
The malware had full control of infected computers and could turn on their microphones and webcams to steal government data. It was also able to search for sensitive words inside MS Office and PDF documents, send files to the remote server, steal certificates, take screenshots, and execute arbitrary commands.
Georgia’s Computer Emergency Response Team discovered the hacks in March last year and said 390 computers were infected. While 70 per cent of the infections targeted Georgia, others breached major governments such as the US (5%), Canada, Ukraine, France, China (4%), Germany (3%), and Russia itself (3%).