The Pawn Storm hackers who tried to infiltrate NATO and White House networks have been spotted bothering another sensitive target: the team investigating the downed Malaysia Airlines MH17 flight.
Researchers at Trend Micro found suspicious SFTP, VPN, and Outlook Web Access servers configured to collect usernames and passwords from officials probing the aircraft disaster.
Team Trend reckons the malware-slinging Pawn Storm crew set up the servers in September and October as the officials prepared to publish their findings. It is likely the hackers sent spear-phishing emails to the investigators, hoping they would follow the links and enter their login credentials, believing the servers to be valid.
"These discoveries show that it is very likely that Pawn Storm coordinated attacks against different organizations to get sensitive information on the MH17 plane crash," said Trend Micro senior threat researcher Feike Hacquebord.
The infosec biz reckons the hackers weren't able to grab anyone's passwords, and noted that at least one of the phishing was caught in its early stages before any accounts were accessed without permission.
The MH17 investigation concluded last week [report PDF] that the Boeing 777 was blown up by a Russian-made Buk surface-to-air missile while over Ukraine in July 2014, murdering all 298 people onboard.
Exactly who pulled the trigger, so to speak, is not named. The passenger jet was flying over an area controlled by pro-Russian separatists when it was brought down.
This is not the first time the Pawn Storm team has shown political motivations. The hacking group, known for exploiting Adobe Flash and Reader zero-days, is linked to attacks on foreign affairs ministers.
Trend notes that the crew also appears to be targeting people critical of Russian strikes on Syria, launching attacks on websites condemning Russia's actions in the Middle East. ®