A cyberespionage group has been going after international targets in the defence, government and naval industries, presumably in an effort to steal secret military information. The hacker group, dubbed Leviathan because of its special interest in naval industries, has been active since 2014 and primarily focuses on targets in the US, Western Europe and the South China Sea.
Leviathan also targets universities with ties to military research and legal organisations. According to security experts at Proofpoint, in September, Leviathan hackers launched a new phishing campaign targeting a US shipbuilding company and an American university research centre with ties to the military. The phishing emails contained documents referring to job applications, resumes and a “Torpedo recovery experiment”, which the hackers used to lure victims into downloading malware.
The group’s specialised backdoor system allows the hackers to steal information about the victims’ operating system, download and upload files, and much more.
It is unclear whether the hackers were able to successfully steal any confidential data in their latest campaign.
Researchers at McAfee and F-Secure have previously detected Leviathan hackers going after targets in the South China Sea between February and October 2015. During this period, the hackers targeted the Philippines justice department, APEC organisations and an international law firm.
“The tools, techniques and targets consistently connect their work, particularly given their attention to naval and maritime defence interests and use of custom backdoors,” Proofpoint researchers said in a blog post.
“While defence contractors and academic research centres with military ties should always be cognizant of the potential for cyberattacks, organisations fitting their targeting profiles should be especially wary of legitimate-looking but unsolicited emails from outside entities.”