MANILA, Philippines – Following a cyberattack on the US Office of Personnel Management wherein hackers accessed the personal data of at least 4 million current and former federal employees, security researchers are stepping up efforts to find the culprits and defend against further attacks.
A team from cybersecurity firm RSA, led by Jared Myers, is working to push back against such attacks from the group known as Deep Panda or Shell Crew.
Myers explained that Shell Crew is “an extremely efficient and talented group,” though who Shell Crew really is remains a mystery.
Reuters reported on June 21 that researchers connected the breach of OPM, which was blamed on Deep Panda, to an earlier attack against US healthcare insurance company Anthem.
Despite a lack of evidence pointing to Shell Crew as the OPM attackers, Myers’ team believes Shell Crew and Deep Panda are one and the same.
How Shell Crew works
In one instance, Shell Crew reportedly used a spearphishing attack – an attack that tricks a user into infecting themselves with malware by clicking on a seemingly friendly email or link – to gain access to a US firm’s servers and data.
RSA was called in to check on an unrelated problem, but realized something was wrong. After a user fell for the attack, Shell Crew had created other means – backdoors – to access the firm’s information.
Myers’ team had to go back and study Shell Crew’s movements to determine where they had been in the networks and what had been stolen. Until they knew the extent of the breach, they couldn’t decisively act and kick out the intruders.
Two months after RSA found the security breach, they locked out Shell Crew. Shell Crew still assaults the fortifications put in place by RSA, but without success.
“If they’re still trying to get back in, that lets you know you’re successful in keeping them out,” Myers said. – Rappler.com