Kaspersky Reveals How Cyber Attackers’ Mistakes Can Be Traced Back to Them

(photo) GReAT’s Senior Security Researcher based in South Korea, Noushin Shabab giving her presentation

The small clues that attackers leave behind through their errors are vital for attribution and can provide valuable intelligence on the people behind a cyber espionage attack. Over the past 10 years, Kaspersky Lab’s researchers have been tracking advanced cyber espionage operations that originate in and target Asia Pacific countries, analysing the attackers’ careless mistakes.

For example, a threat actor known as Dropping Elephant, most likely operating from India, targeted high-profile diplomatic and economic entities in countries including Australia, China, Bangladesh, Taiwan and more. Clues revealed traces of three individuals, one of whom carelessly disclosed a personal document that led Kaspersky Lab researchers to track down the people behind Dropping Elephant.

Apart from that, Kaspersky Lab also published a report on Naikon APT, which has been tracking geo-political intelligence in countries around the South China Sea for over half a decade. Later that year, an alleged connection discovered by ThreatConnect researchers showed that a domain name used in Naikon APT also appeared across several social media accounts. This led to more than 700 posts and 500 photos that allowed the researchers to track down the attacker’s real location and work address.

Some of the information revealed from the mistakes and clues that led towards the individuals involved in cyber espionage includes:

  • Apparent military connections
  • Organisations engaged in undercover threat activity for State Security
  • Private companies offering intelligence services
  • Cyber espionage campaigns that consist of a variety of people with different skilled roles and responsibilities

Noushin Shabab, Senior Security Researcher, says: “Once we have all the necessary pieces of the puzzle from the clues and careless mistakes, we share evidence with fellow experts to be able to know the spies behind an attack, their main objectives and techniques. All the information gathered through investigating targeted attacks helps us discover the truths and the myths of cyber espionage in the Asia Pacific region.”

Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT; Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC; Kyoung-Ju Kwak, Security Researcher at the Computer Emergency Analysis Team of Korea’s Financial Security Institute; Jesmond Chang, Corporate Communications Director, APAC, Kaspersky Lab; Stephan Neumeier, Managing Director at Kaspersky Lab APAC; Alejandro Arango, Global Director, Corporate Communications, Kaspersky Lab; Seongsu Park, GReAT’s Senior Security Researcher based in South Korea and Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT.

Therefore, in order to protect your personal or business data from cyber attacks, here are some tips from Kaspersky Lab:

  • Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
  • Educate and train your personnel on social engineering, as this method is often used to make victims open a malicious document or click on an infected link.
  • Conduct regular security assessments of the organisation’s IT infrastructure.
  • Use Kaspersky’s Threat Intelligence, which tracks cyber attacks, incidents or threats.

