
Kaspersky uncovers a decade-old cyber-extortion group

Kaspersky Lab says it has uncovered a cyber-extortion and hacking group that seems to have been active since at least 2005, and maybe even 2001.

The security firm says the group has created malware designed to work on Microsoft Windows systems in English and Brazilian Portuguese, and that it has targeted corporate victims only.

It all starts in the usual manner – a spear phishing attempt, an email carefully designed to get employees to click, and malicious code that infiltrates the target network.

The malware then scans the network and reports to its makers where it can move within it and what data it can take, without alerting security administrators. After that, it starts taking all kinds of data.

But the fun part has not yet begun: “The information gathered is then leveraged by a fronting business to manipulate victim companies into contracting the Poseidon Group as a security consultant under the threat of exploiting the stolen information in a series of shady business deals to benefit Poseidon.”

So the company gets blackmailed into using Poseidon’s alleged services, but the malware remains on the system.

Kaspersky said the group was able to operate for so long because it doesn’t stick around for too long on a single machine. It also said at least 35 companies have been identified, with primary targets being ‘financial and government institutions, telecommunications, manufacturing, energy and other service utility companies, as well as media and public relations firms’.

Victims of this group have been found in the United States, France, Kazakhstan, United Arab Emirates, India and Russia.