For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

Close

Not a member yet? Register now and get started.

lock and key

Sign in to your account.

Account Login

Harkonnen Operation — Malware Campaign

A huge data-stealing cyber espionage campaign that targeted Banks, Corporations and Governments in Germany, Switzerland, and Austria for 12 years, has finally come for probably the longest-lived online malware operation in history.

The campaign is dubbed as ‘Harkonnen Operation‘ and involved more than 800 registered front companies in the UK — all using the same IP address – that helped intruder installs malware on victims’ servers and network equipment’s from different organizations, mainly banks, large corporations and government agencies in Germany, Switzerland and Austria.

In total, the cyber criminals made approximately 300 corporations and organizations victims of this well-organized and executed cyber espionage campaign.
A developer of an endpoint security platform, uncovered this international cyber-espionage campaign hitting Government institutions, Research Laboratories and critical infrastructure facilities throughout the DACH (Germany, Austria, Switzerland) region.
From the analysis and research work done it is believed that the hackers had first penetrated computer networks as far back as 2002.

The network exploited the UK’s relatively tolerant requirements for purchasing SSL security certificates, and established British front companies so they could emulate legitimate web services.
The German attackers behind the network then had total control over the targeted computers and were able to carry out their espionage undisturbed for many years. The damage to the organizations who have been victims in terms of loss of valuable data, income or the exposure of information related to employees and customers is immeasurable.

The fact that the malware was installed via spear-phishing attacks from companies that appear legitimate — with the appropriate digital security certificates — gave the cyber criminals even more anonymity, enabling them to hit very secure servers and steal all types of top-secret documents.
The Trojans detected in the attacks were GFILTERSVC.exe from the generic Trojan family Trojan.win7.generic!.bt and wmdmps32.exe.