Hackers try to steal materials on MH17 crash

The Pawn Storm hackers who tried to infiltrate North Atlantic Treaty Organisation and White House networks have been spotted bothering another sensitive target: the team investigating the downed Malaysia Airlines MH17 flight.

In July 2014, Malaysia Airlines flight MH17 crashed in the eastern Ukrainian region of Donetsk en route from Amsterdam to Kuala Lumpur, killing all 298 people on board. All 283 passengers and 15 crew members lost their lives.

A still from the video released by the Dutch Safety Board which shows the moment a rocket hit the plane, bringing it down. Trend Micro Friday blamed Operation Pawn Storm for a “cyber-espionage operation before and after” the publication on October 13 of the board’s detailed report. On October 14, the group did the same with a virtual private networking (VPN) server.

On September 29, a fake Outlook Web Access (OWA) server was also created by the group to target a partner of the Dutch Safety Board in the MH17 investigation, the Trend Micro researchers said in a blog post Thursday. Trend Micro believes that these servers were used to execute phishing attacks in an effort to get hold of Safety Board staff members’ credentials, which could then be used to gain access to the actual servers.

In fact, the discovery is likely to signal the first time an advanced threat group has been caught attempting to get unauthorized access to a VPN server. The hackers set up fake servers mimicking different Dutch Safety Board servers.

Earlier, Bloomberg reported that the Pawn Storm could be a special unit of the Federal Security Service of Russian Federation. The group has recently intensified its campaigns against critics of the country’s intervention in the Syrian conflict. According to a few reports, the hackers, whose attack was not successful, might have been of Russian origin.