In March 2011, CERT-Georgia discovered a cyber-espionage attack incident targeting the country of Georgia. Advanced malicious software was collecting sensitive, confidential information about Georgian and American security documents and uploading it to command-and-control servers.

After a challenging investigation, CERT-Georgia researchers found that the attack was linked to Russian official security agencies. Moreover, the investigators were able to turn on the webcam of the mastermind behind the malware and caught him on camera.

The hacker compromised several Georgian news sites and injected the "Georbot" botnet malware into them; most readers who visited those pages were infected, and the malware took control of their systems. The malware was able to send any file from the local hard drive to a remote server, steal certificates, record audio using the microphone and webcams, and scan the local network to identify other hosts on the same network. It also exploited CVE-2010-0842, CVE-2006-3730, MS06-057 and other unknown vulnerabilities to infect networks.

Finally, CERT-Georgia researchers caught the mastermind in his own trap: they infected one of their own lab PCs, then planted a fake ZIP archive named "Georgian-Nato Agreement" containing their own malware. The attacker stole the archive and executed the malicious files supplied by the researchers, which immediately gave the investigators access to the mastermind's computer. They turned on his camera and took his picture, shown below:

"We have obtained a Russian document, from e-mail, where he was giving someone instructions on how to use this malicious software and how to infect targets. We have linked him with some German and Russian hackers. Then we have obtained information about his destination city, Internet service provider, e-mail, etc.," the researchers said.

Most of the infected computers in Georgia belonged to governmental agencies and critical information infrastructures. The hacker's main targets were classified information from Georgian ministries, Parliament, critical information infrastructures, banks and NGOs.

During the investigation they traced the hacker's origin to the Russian Ministry of Internal Affairs, Department of Logistics, which according to Google Maps is right next to the "Federal Security Service of the Russian Federation (FSB)".
