Dubbed the ‘Harkonnen Operation' this reportedly large cybercrime network discovered by Israeli security company CyberTinel is claimed to have already penetrated hundreds of blue-chip companies, government institutions, research laboratories and critical infrastructure facilities throughout Germany, Austria and Switzerland, with other European countries also likely to be affected.
CyberTinel has issued a release saying that it detected trojans siphoning critical information at a German company which holds sensitive data on behalf of its international clients, and that further investigation led to the source of the breach, revealing that the original domain was registered by a UK company and that a further 833 companies were also registered in the UK.
Subsequencly records were found in the ‘Harkonnen Operation' on more than 300 additional organisations in Germany, Austria and Switzerland, targeting key executives; the company is now working with German police investigators with the expectation that companies in other European countries, including the UK, will have also been breached.
The attack was initiated using a ‘spear phishing' penetration and executed by running two system Trojans created in Germany. “The network exploited the UK's relatively tolerant requirements for purchasing SSL security certificates, and established British front companies so they could emulate legitimate web services,” said Jonathan Gad of Elite Cyber Solutions, CyberTinel's UK partner. “The German attackers behind the network then had total control over the targeted computers and were able to carry out their espionage undisturbed for many years.”