Hackers pose as ‘attractive’ women in Syrian sting

Hackers pose as attractive women in Syrian sting

Hackers stole Syrian opposition fighters' strategic battle plans by using "attractive" female Skype avatars to target victims, according to a new report.

The attacks, which happened between November 2013 and January 2014, resulted in a slew of strategic information being stolen, according to cybersecurity company FireEye. These included detailed military plans which outlined attack strategies, the political structure of the opposition and even identification cards of refugees who had escaped to Turkey.

The attacks began with a Skype user with a female persona striking up a conversation with a male opposition fighter. The hacker would ask the victim what device they were using so they would be able to send the appropriate malware.

Salih Mahmud Leyla | Anadolu Agency | Getty Images

After some conversation, the female avatar would send a "personal" photograph which was malicious. When the victim opened the file, they would unknowingly install malware, giving the hacker access to their device.

This led to the theft of 7.7 gigabytes of data being stolen, 31,107 Skype conversations, 12,356 contacts and nearly a quarter of a million messages, according to the report, called "Behind the Syrian Conflict's Digital Front Lines."

"We are really seeing the convergence of traditional methods of espionage and internet communication tools," Richard Turner, EMEA vice president of FireEye, told CNBC by phone.

"The evidence of that is the use of the attractive lady avatar to generate interest and open up individuals to deliver malware and compromise their communication."

'Devastating human cost'

Syria's civil war has been ongoing since 2011, following pro-democracy protests which were violently crushed by President Bashar al-Assad's forces.

As a result of the fighting, hundreds of thousands of residents have fled Syria to claim refuge in neighbouring countries.

FireEye's report said that the intelligence stolen by hackers likely served a "critical role" in the opposition's operational plans and tactical decisions, but added that "this tactical edge comes with a potentially devastating human cost."

Read MoreRussia, Iraq tensions stoke cyber attack threat

Interestingly, each female Skype avatar used by the hackers also had a corresponding Facebook account, which was populated with pro-opposition content, although many of the links were malicious.

A fake opposition website was also in operation, and included pictures of several women with links to social media accounts and "Live Cam ID." Both links were malicious and allowed hackers to collect data from their victims.

Identity unknown

FireEye said it was the first time it had seen a group targeting the Syrian opposition using Android malware – malicious software targeting Google's mobile operating system. The report highlighted the growing threat to mobile devices which security experts have warned will be a key battleground for hackers in 2015.

But as with most major attacks, identifying the hackers was impossible.

The report said that the attackers were likely to be based outside of Syria, and that investigation into their server location pointed towards Lebanon.

Read MoreUS should stop Syria not ISIS: Saudi prince

Turner said the group was "sophisticated" and had "unique technology" when deploying malware. He added that the infrastructure used to carry out these attacks was no longer in place, but could not say for sure whether the group had disbanded.

"Whether they are still active and have moved to another platform to disguise themselves and remain ahead of other militaries or law enforcement, who knows?" he added.