Written by Sean Lyngaas
Clever hackers use a range of techniques to cover their tracks on a target computer, from benign-looking communication protocols to self-erasing software programs.
It’s not very often, though, that digital attackers turn to Morse Code, a 177-year-old signaling system, for operational security. Yet that’s exactly what played a part in a year-long phishing campaign that Microsoft researchers outlined on Thursday.
Morse Code — a method of representing characters with dots and dashes popularized by telegraph technology — was one of several methods that the hackers, whom Microsoft did not identify, used to obscure malicious software. It’s a reminder that, for all of their complexities, modern offensive and defensive cyber measures often rest on the simple concept of concealing and cracking code.
Hackers were sending select targets fake invoices to try to convince them to cough up their passwords and, in some cases, to collect IP addresses and location data of victim machines. The hackers changed their encryption schemes every month to try to hide their activity.
Microsoft analysts likened the malicious attachments the hackers used to steal usernames and passwords from victims, and then to try to gain further access to networks, to a “jigsaw puzzle.”
“[O]n their own, the individual segments of the HMTL file may appear harmless at the code level and may thus slip past conventional security solutions,” Microsoft said in a blog post. “Only when these segments are put together and properly decoded does the malicious intent show.”
It’s unclear what motivated the hacking scheme was, how successful it was or in what sectors the victims operated. Microsoft did not respond to questions on the research by press time.