"In the future, we predict the number of small, focused 'APT-to-hire' groups to grow, specialising in hit-and-run operations; sort of 'cyber mercenaries' of the modern world."
Sectors targeted included the military, shipbuilding, maritime, computing, research, telcos, satellite firms and the media. A range of Japanese and South Korean firms had been on the list, including Lig Nex1, Selectron Industrial Company, Hanjin Heavy Industries, Korea Telecom, Fuji TV, and the Japan-China Economic Association.
After sinkholing 14 of 70 detected C&C domains, the firm had discovered that 4,000 IP addresses had been infected, including 200 Windows PCs and 350 Macs. This was only a fraction of the true number of victims, Kaspersky said.
The motivation of the Icefog group was almost certainly commercial rather than ideological.
"In the future, we predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations, a kind of 'cyber mercenaries' of the modern world," Kaspersky's report concludes.