Russian Hacker Behind Cyber Attack on Georgia Caught on His Webcam

Suspected Russian Hacker Behind Cyber Attack on Georgia Caught on His Webcam 

It said that there may be hundred ways to commit crimes but there are chances of one hundred and one times to get busted. Exactly the same things happened for a Russian hacker who was behind the cyber attack against the country of Georgia. Since 2011 Georgia is blaming that few Russian hackers are disturbing their cyber space while attacking its computer networks, injecting malicious code into websites, and planting spyware to steal classified information. After discovering that a cyber-spy was infecting government computers with malware designed to mine important documents, government officials decided to fight fire with fire. They intentionally allowed the malicious software to infect one particular computer, and baited it with a ZIP file called “Georgian-Nato Agreement” — exactly the sort of thing they knew the intruder would be looking for. Instead of important documents, however, the bait file was loaded with the hacker’s own malware. Once the hacker downloaded and opened the file, the software went to work stealing his documents and, best of all, hijacking his webcam to capture clear video of his face. According to the CERT-Georgia report, an analysis of the attack's command-and-control center revealed that at least 390 computers were infected in the attack. 70% of compromised PCs were based in Georgia, with other victims found in the USA, Canada, Ukraine, France, China, Germany and Russia. Computers hit in Georgia were predominantly based in government agencies, banks and critical infrastructure the report claims. 
In a 27 page report, the Georgian government explains in details that, how in early 2011 Georgian news websites were hacked in order to exploit vulnerabilities, and spread malware that hijacked infected computers and searched for sensitive documents. 
According to report by Naked SecurityGeorgian officials lay a trap. Georgia's CERT deliberately infected one of its own PCs with the malware, and planted a ZIP file named "Georgian-Nato Agreement" on its drive, hoping it would prove irresistible for the hacker. Sure enough the hacker stole the archive file and ran malware that Georgia CERT had planted inside, meaning that now investigators had control over the hacker's own computer. This made it relative child's play to capture images of the suspect at work in front of his PC. The CERT researchers claim that they also found a Russian email conversation on the suspect's computer in which he gives instruction on how to use his malware and infect targets. Furthermore, the suspected hacker's city, ISP, email address and other information were also acquired. Curiously, a domain used by the attackers was registered to an address in Moscow belonging to the Russian Ministry of Internal Affairs, department of logistics - which just happens to be based close to the Russian Secret Service (FSB). Furthermore, according to CERT-Georgia, websites used to control the infected Georgian computers have links with RBN, the notorious Russian Business Network.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Related Posts Plugin for WordPress, Blogger...