
From 'Kitten' to 'Panda': Dangerous hacker groups to avoid

"Magic Kitten," "Numbered Panda," "Energetic Bear." They sound cuddly, but these names were in fact given to some of the most dangerous hacker groups, as noted by security firm CrowdStrike in its 2013 Global Threat Report. Not only are these groups far from cute, some have ties to nationalist activist groups and are specifically seeking data on corporate America.

Many of the hacker groups specifically sought access to information from U.S. corporate networks, according to the report. "The U.S. is the most innovative country in the world and these other organizations, these other nations, recognize that. By stealing that technology they're able to provide their corporations much more competitive advantage," said Shawn Henry, president of CrowdStrike Services and a retired FBI official.


Here are the groups CrowdStrike researched in its global threat report, which was released last week:


'Emissary Panda'

A China-based group called "Emissary Panda" engaged in what CrowdStrike calls strategic Web compromise. This kind of attack occurs when hackers use an industry website to gain a foothold into individual companies. For example, if a group wanted to access energy companies, they might attack an energy trade group and post a malicious file. If individuals who work for energy companies download the file, the hackers get access to their networks.

"Emissary Panda" was very active during the last three months of 2013 and targeted the defense and technology sectors around the world, according to CrowdStrike.


'Numbered Panda'

Also with roots in China, "Numbered Panda" exploited individuals exposed to the G-20 Summit in Russia. The hackers are believed to have sent phishing emails that contained malicious attachments.

"Numbered Panda" and "Emissary Panda" show hacker groups are focused on infiltrating U.S. companies, Henry said. At the same time, other nations beyond China have active cybergroups.

Various hacker groups outside China are "using their capabilities and technology because they recognize the value of the information that is contained on U.S. networks," Henry said.

'Energetic Bear'

"Energetic Bear" is an example of the cyberthreat from Russia. CrowdStrike believes this group focuses on mining data from U.S. energy firms.

While Russian hackers have targeted government networks for years, their focus on commercial businesses, including energy, is a substantial development, Henry said.

'Magic Kitten'

"Magic Kitten" is a hacking group that appears to come from Iran. According to CrowdStrike, this group targets political dissidents in Iran. This group is believed to have existed since 2009, and its most recent attacks were in November 2013.



'Deadeye Jackal'

"Deadeye Jackal" is the CrowdStrike name for the Syrian Electronic Army, a political activist group that is sympathetic to Syrian President Bashar Assad, according to CrowdStrike. This group gained media attention when it hacked into the Associated Press' Twitter account last year and claimed there were explosions at the White House.


"They targeted the U.S. media because they didn't think they were being given a fair shake in the media. By launching these attacks, they looked to promote their social cause," Henry said. Since the AP attack, the Syrian Electronic Army has targeted media and technology companies.

With law enforcement of cybercrime generally weak, criminals see cybercrime as high reward with little risk. Henry says governments need to make it more difficult and costly for cyberthieves to nab data and infiltrate ecosystems.

—By CNBC's Jennifer Schlesinger. Follow her on Twitter @jennyanne211

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.
