EyePyramid operation targeted politicians and business leaders
A hacking operation featuring the EyePyramid trojan successfully compromised the systems of numerous high-profile Italian targets, including two former prime ministers, say Italian police.
High-profile individuals were targeted by a spear-phishing campaign that delivered a remote-access trojan codenamed “EyePyramid” as a malicious attachment.
Targets of the spying included bankers, businessmen and even several cardinals.
The president of the European Central Bank, Mario Draghi, and two former Italian prime ministers, Matteo Renzi and Mario Monti, were among the targets of the campaign, according to a copy of an Italian arrest warrant obtained by Politico.
The malware was used to successfully exfiltrate more than 87 gigabytes of data – including usernames, passwords, browsing data, and other files – from compromised systems.
Federico Maggi, a senior threat researcher at Trend Micro, has published a blog post and a technical summary (on GitHub).
Brother and sister Giulio Occhionero, 45, and Maria Occhionero, 48, were arrested in Rome on Tuesday and detained over hacking and espionage charges related to the EyePyramid campaign, Reuters reports.
Investigators appear to be proceeding on the basis that the hacking operation was used to harvest insider intelligence as part of a criminally tainted investment strategy rather than politically motivated cyber-espionage.
The “stolen data was stored in servers in Prior Lake, Minnesota, and Salt Lake City, Utah,” according to a court document seen by Reuters.
The FBI has seized the servers and will ship them to Italy, the head of Italy’s cyber crime unit told the news agency.
Hackers behind the spear-phishing campaign used the compromised email accounts of attorneys and associates in several law firms as a platform to launch the second stage of the attacks, targeting businessmen and politicians, according to Trend Micro’s Maggi. ®
Grazie molto to Milan-based reader Alex for the heads-up on this interesting case, which is unsurprisingly getting a lot of coverage in the Italian press.