A mysterious ring of computer hackers has expanded the functionality of a popular Trojan designed to steal info from banking websites in order to conduct espionage on government computers in several countries, according to a new report released by McAfee, an antivirus company.
The ring, known as Poetry Group for their penchant for inserting lines of Shakespeare prose into their code, has infected several hundred government computers in Poland, Japan, Spain, and Sweden. It's unclear whether the group has successfully attacked any American government computers, according to Ryan Sherstobitoff, an analyst with the company.
Sherstobitoff says the group is unlikely to be affiliated with or backed by any foreign governments and likely functions as a group of "for-hire mercenaries" who sell data.
"These are likely independent hackers hired by an unknown party. We don't know their origin, but because of the embedding of poetry, we think that they are of English-speaking descent," he says.
The group uses a piece of malware known as the Citadel Trojan, which caught the FBI's attention in August 2012 when it was used to hack into online bank accounts. Since then, Poetry Group has found a way to use the Trojan to access files on any computer running Windows. According to Sherstobitoff, the Trojan is available commercially in online black markets.
"They've extended functionality to steal virtually anything that is visually displayed on a computer and can [steal] any file stored on the system," he says. "They have the ability to penetrate these government systems using something that's available commercially."
President Barack Obama has put a renewed emphasis on stopping cyber attacks in recent weeks. The night of his State of the Union address, he signed an executive order that allows government agencies to share classified information pertaining to "cyber threats" with private companies that control "critical infrastructure" such as power grids, financial systems, and water supplies.
Earlier this week, a report by cybersecurity firm Mandiant suggested a group of hackers sponsored by the Chinese government has hacked at least 141 companies in 20 major industries. Sherstobitoff says McAfee's new data aligns with Mandiant's in that hacking groups are beginning to target their attacks more specifically, rather than trying to spam thousands of users at once.
"The threats are increasing and the code is becoming more targeted towards breaking into a specific sector," he says. "We're seeing way more targeted attacks and many fewer run-of-the-mill attacks" aimed at private users.