An Ancient Malware Called ICEFOG APT Has Resurfaced

Posts by: Paulo Franco


An ancient malware called ICEFOG APT has resurfaced and is said to be an updated and even more dangerous strain than the first, which was discovered back in 2010.

Thought to be developed by Chinese cyber-espionage groups, this particular malware has been spotted recently in multiple attacks.

So, What’s ICEFOG and How Can it Affect Us?

The latest two rounds of the ICEFOG malware were seen earlier in the 2010s and are dubbed ICEFOG-P and ICEFOG-M (also known as Fucobha). Both recently discovered strains appear far superior to the original version, which dates back to 2010, and seem to have undergone serious development to bolster their capabilities.

The 2010 version was used by Chinese hackers for political espionage and intelligence gathering. They also targeted many utility and infrastructure sectors, such as telecommunications, energy, media and transportation. There was also some question as to whether the hackers were targeting financial organizations as well, but that activity was mild compared to the political espionage campaigns.

According to FireEye senior researcher Chi-en Shen, the earlier strains of the malware, used between 2011 and 2013, were thought to belong to a single, exclusive group of hackers because the operations were fairly consistent.

The new versions, on the other hand, appear to be in use by many different groups, each with its own agenda. It's unclear how widely samples of the malware are being shared, but it can't be very common, otherwise there would have been more red flags about it by now.

"The variant ICEFOG-M, which appeared in 2019, used a file-less payload, making the campaign harder to track," Shen said.

The conclusion is that the ICEFOG malware is here to stay. After receiving so many updates over the past few years, and after proving successful at flying under the radar, Chinese cyber-espionage groups are likely to continue using it for the foreseeable future.

Chi-en Shen presented these findings at the CONFidence security conference in Krakow earlier in the week.