Shadows in the Cloud: Investigating Cyber Espionage 2.0

Citation
Information Warfare Monitor & Shadowserver Foundation, Shadows in the Cloud: Investigating Cyber Espionage 2.0 (Apr. 2010) (full-text).

Overview
The report documents a complex cyber espionage ecosystem that systematically targeted and compromised computer systems in India, at the Offices of the Dalai Lama, at the United Nations, and in several other countries.

The investigation recovered a large quantity of stolen documents, including sensitive and classified materials, belonging to government, business, academic, and other computer networks, as well as to other politically sensitive targets. These include documents from agencies of the Indian national security establishment and from the Offices of the Dalai Lama. The stolen data included information voluntarily provided to Indian embassies and consulates by third-party nationals, including Canadian visa applications, as well as information belonging to citizens of other countries. Additionally, sensitive personal, financial, and business information belonging to Indian officials was systematically harvested and exfiltrated by the attackers.

The report analyzes the malware ecosystem employed by the Shadow network's attackers. The system leveraged multiple redundant cloud computing systems, social networking platforms, and free web hosting services to maintain persistent control, while its core servers were located in the People's Republic of China (PRC). Although the identity and motivation of the attackers remain unknown, the report provides evidence that the attackers operated or staged their operations from Chengdu, PRC.