Cyber Attack news is out that a hackers group named APT Lucky Mouse has targeted Canada’s International Civil Aviation Organization (ICAO) in 2016. Highly placed sources say that the attack was of a watering-hole genre and could represent a significant threat to the aviation industry.
Cybersecurity Insiders learned that the attack was identified in November 2016 by security analysts of Lockheed Martin who later contacted the officials of ICAO to inform them that two of the servers were under the siege of cybercriminals.
But the authorities put down the alert then and made sure that it was never revealed to the world.
Technically speaking, Chinese intelligence backed APT LuckyMouse Group aka Emissary Panda, APT27 and Bronze Union is active since 2010 and is known to target 100’s of organizations around the world including Various contractors from US Defense, Financial firms and a national data center in Asia along with a drone maker from Europe.
The group is said to specialize in Water hole attacks where it infects frequently visited websites with malware which later gathers sensitive details of the web traffic to exploit on a further note. In most cases, the motive of those launching water hole attacks is to infect the visitor’s PC and then intrude into the office network of that targeted user.
ICAO cyber attack news spread to the world when Radio Canada threw some light on the attack early this week. The news resource says that the attack was reportedly investigated by a team of external security analyst from SecureWorks at that time. And was revealed later in the inquiry that the attack not only compromised two servers but also affected the accounts of some mail servers, domain admin and system admin.
Reasons to keep the attack under wraps and away from the media are yet to be known.
But the incident underlines the need for companies to apply quick and coordinated response as soon as they face a cyber attack. This is only possible when every organization has a cybersecurity incident response plan in place which can be quickly initiated when the need arises.
Wonder how many companies are having a cybersecurity incident plan in their corporate environment..?
