Kaspersky Lab announced its participation in a groundbreaking INTERPOL-led cybercrime operation involving public and private sectors across the ASEAN region. Nearly 9,000 botnet command and control (C2) servers and hundreds of compromised websites, including government portals were identified from the activity.
The operation was carried out from the INTERPOL Global Complex for Innovation (IGCI)in Singapore, the research and development facility of the world’s largest police organization.
Cybercrime investigators from Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam gathered together at the IGCI to exchange information on specific cybercrime situations in their respective countries. An additional cyber intelligence report was contributed by China.
Experts from Kaspersky Lab cooperated with the INTERPOL to share fresh cyberthreat discoveries and to formulate recommended actions along with six other private companies, namely Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet, Palo Alto Networks, and Trend Micro.
Being the only vendor able to detect the infection at the time, Kaspersky Lab provided the INTERPOL team with an exclusive report on a WordPress plugin vulnerability that has affected thousands of websites in the region, including those belonging to government agencies, universities, NGOs, and private businesses.
The vulnerability allowed perpetrators to inject malicious codes to over 5,000 legitimate webpages around the globe and redirect the users to advertising pages of counterfeit goods. The vulnerability also allowed other types of malicious activity such as potentially unwanted programs (PUP) downloads, password brute-forcing, and proxy among others.
Kaspersky Lab has also furnished the IGCI with an extensive list of 8,800 botnet C2 servers found to be active in ASEAN countries, as retrieved from the Kaspersky Security Network and Botnet C&C Threat Feed. Formed from the words “robot” and “network”, a botnet is a zombie network of thousands or millions of Internet-connected devices (such as PCs, smartphones, tablets, routers, smart toys, or other gadgets) that are hacked and infected with a special malware so that these could be controlled by a cybercriminal to deliver cyberattacks.
The botnets data shared by Kaspersky Lab covered various malware families, specifically those targeting financial organizations, spreading ransomware, launching distributed-denial-of-service (DDoS) attacks, distributing spam, and enabling other criminal activities. Investigations into the C2 servers are currently ongoing.