Icefog

  • First known sample

    2011
  • Discovery

    2013
  • Number of targets

    100-1000
  • Current status

    Inactive since 2014
  • Type

    Cyberespionage toolkit
  • Targeted platforms

    OS X, Windows
  • Top targeted countries

    CIS, Japan, South Korea, Ukraine
  • Propagation method

    Social engineering
  • Purpose/Functions

    Cyberespionage, Data wiping
  • Special features
    Custom-made cyberespionage tools, particularly the "Icefog" backdoor set (also known as "Fucobha")
  • Targets

    Government entities, High technology companies, Maritime and ship-building groups, Mass media and TV, Military, Satellite operators, Telecoms
  • Artefacts/Attribution
    The name "Icefog" comes from a string used in the command-and-control server name of one of the malware samples.
  • Description

    A threat actor that has targeted government institutions, military contractors, maritime groups, telecom and satellite operations, and industrial and high-tech companies, primarily in South Korea and Japan, since 2011. The group relies on spear-phishing and known vulnerabilities to infect targeted systems. It then uses its custom-made cyber-espionage tools to steal e-mail and account passwords, sensitive information, and company plans.
