Russian spies likely tried to hack into the Dutch Safety Board’s computer systems to access a sensitive final report into the shooting down of flight MH17 over Ukraine, experts said Friday.
The cyberattacks were revealed by security experts Trend Micro which blamed a shadowy group dubbed Operation Pawn Storm, “an active economic and political cyber-espionage operation” that has targeted the White House and NATO in the past.
A spokeswoman for the Dutch board, which led the investigation into how the Malaysia Airlines flight came down in July 2014 over war-torn Ukraine, confirmed the board had detected the attacks.
But there was “no evidence” that anyone “was successful in the attempt,” spokeswoman Sara Vernooij told AFP.
She declined however to reveal “how and by whom” the attacks were carried out.
Trend Micro Friday blamed Operation Pawn Storm for a “cyber-espionage operation before and after” the publication on October 13 of the board’s detailed report.
The “coordinated attack from several sides was launched to gain unauthorised access to sensitive material of the investigation conducted by Dutch, Malaysian, Australian, Belgian, and Ukrainian authorities,” the Tokyo-based company said in a statement.
Trend Micro said there were “Russian spies behind Pawn Storm” which has been active since 2007 and is “an effort to attack major political targets, especially in the Ukraine”.
The group, which has also targeted Russian dissidents and the Ukrainian government, could “be acting in the behest of parties invested in the Ukraine matter, or simply an outlier group acting on its own”.
The Dutch-led investigators concluded that flight MH17 was shot down by a Russian-made BUK missile fired from rebel-held territory in eastern Ukraine on July 17, 2014.
All 298 people on board, most of them Dutch nationals, were killed when the Boeing 777 was blown up en route from Amsterdam to Kuala Lumpur.
But the findings triggered protests from Moscow, which maintains the BUK missile was fired by the Ukrainian military, and not by pro-Russian separatists battling to break away from Kiev.
Trend Micro said that on September 28, a fake server was set up to mimic the Dutch Safety Board’s secure file transfer protocol (SFTP) server, and on October 14 a false VPN access was also created.
On September 29, a fake Outlook web mail server was also established targeting one of the board’s partners.
The aim was to “execute phishing attacks in order to collect credentials from the personnel of the Safety Board which could give Pawn Storm unauthorised access to the SFTP and VPN servers.”
Pawn Storm is also believed to have been behind a cyberattack on France’s TV5Monde television when people, claiming to represent the Islamic State group, shut down transmissions and placed jihadist messages on the station’s website.