LuckyMouse is a disarming name for the work this hacking group does. LuckyMouse is believed to be Chinese in affiliation and has successfully hacked a central Asian national data center – the specific country has not yet been named. Its current campaign has been active since the fall of 2017 and was discovered in March 2018 by Kaspersky Lab security researchers. It’s not the first time LuckyMouse (also known as APT27, EmissaryPanda and other names) has been in the news. Since its inception in 2010, the group has been behind many attacks, including the theft of huge amounts of data from US-based defense contractors.

LuckyMouse’s goal in attacking the Asian data center is to access and compromise government websites, according to Kaspersky, “at one fell swoop.” The data center holds a massive amount of valuable and sensitive information and hosts a variety of government websites. In the past, this group was known to use weaponized documents that exploited a Microsoft Office vulnerability. According to this recent report, however, the hackers inject malicious JavaScript into the hosted sites and then use their signature move – a watering hole attack.

Watering hole attacks work by infecting websites that members of a targeted group or organization are known to frequent. When such a user visits the site, their computer is infected with malware, giving the hackers a foothold from which to attack the network of the user’s employer. The watering hole sites are usually well-known, reputable websites, so the last thing their users expect is to have their devices infected while visiting them, and their guard is likely down. In this case, the LuckyMouse watering hole targeted employees of the government national data center.
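The article describes the compromise at the level of injected JavaScript on otherwise legitimate pages. As an added example (not code from the original article or from Kaspersky’s report), the script below shows the kind of content-integrity check a site owner or security team can run against their own pages to catch that: it parses the HTML, collects every `<script>` tag, and flags any external script loaded from a host outside the site’s allowlist, as well as any inline script whose SHA-256 hash is not in the known-good baseline. The hostnames, page contents and hashes are constructed for the example; `audit_page`, `ScriptCollector` and the placeholder domains are assumptions, not names from the report.

```python
"""Detecting an injected script on a watering-hole page.

Added example (not from the original article or from Kaspersky's
report). Models the defensive check a site owner or SOC can run
against their own pages: parse the HTML, collect every <script> tag,
and flag any external script whose host is not on the site's allowlist,
or any inline script whose hash is not in the known-good set.
All hostnames, HTML and hashes below are constructed for the example.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []       # src attribute of each <script src=...>
        self.inline = []         # text of each inline <script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf).strip())
            self._in_script = False


def audit_page(html, allowed_hosts, known_inline_hashes):
    """Return findings for scripts that do not match the site's baseline.

    allowed_hosts: hostnames the page is expected to load scripts from
    (vetted CDNs; relative paths count as first-party and are not flagged).
    known_inline_hashes: SHA-256 hex digests of the inline scripts the
    site legitimately serves.
    """
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.external:
        host = urlparse(src).hostname   # None for a relative path like /js/app.js
        if host is not None and host.lower() not in allowed_hosts:
            findings.append(("unexpected-external-script", src))
    for body in p.inline:
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        if digest not in known_inline_hashes:
            findings.append(("unknown-inline-script", digest))
    return findings


# Constructed sample: the site's legitimate page plus one injected tag
# pointing at an attacker-controlled host (placeholder name, not a real IoC).
LEGIT_INLINE = "window.siteConfig = {lang: 'en'};"
INJECTED_TAG = '<script src="https://attacker-placeholder.test/loader.js"></script>\n'
SAMPLE_PAGE = (
    "<html><head>\n"
    '<script src="/js/app.js"></script>\n'
    '<script src="https://cdn.example-gov.test/jquery.min.js"></script>\n'
    "<script>" + LEGIT_INLINE + "</script>\n"
    + INJECTED_TAG +
    "</head><body>portal</body></html>"
)

BASELINE_HOSTS = {"cdn.example-gov.test"}
BASELINE_INLINE = {hashlib.sha256(LEGIT_INLINE.encode("utf-8")).hexdigest()}

if __name__ == "__main__":
    for kind, detail in audit_page(SAMPLE_PAGE, BASELINE_HOSTS, BASELINE_INLINE):
        print(kind, detail)
```

Run against the sample, the audit reports only the injected tag; with that tag removed, the page matches its baseline and nothing is reported. In practice this check is scheduled against the live site (or its served HTML captured by a proxy) and the baseline is regenerated from the deployment pipeline whenever legitimate scripts change, so that any script appearing outside a deploy is an alert rather than noise.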

What LuckyMouse does with the stolen information is not yet known. The possibilities are endless and are a source of great concern. Whether a hacking group is state-sponsored or its target is a government, we know its intentions are politically or financially motivated – or both. A state-sponsored North Korean hacking group targeted Sony Pictures, which was set to release a film portraying Kim Jong Un in an unflattering light, and successfully had the film pulled from public release.

We know Russia targeted the 2016 US presidential election, and earlier this year thousands of government websites worldwide were hacked to mine cryptocurrency. LuckyMouse may have successfully hacked a central Asian country this time, but groups like it, and many more, are waiting to pounce on a data system, often by targeting human weakness. Their motives may vary, but the result is often the same – success. What this also shows is that even national governments are vulnerable to attack. If they are, your organization is too.