Sunday, December 28, 2014

“Espionage Campaign used commercial software” – Security.nl

In an espionage campaign focused on military targets in Israel and Europe, the attackers used commercial security software. Researchers from security companies CrowdStrike and Cymmetria announced this yesterday during the CCC hacker conference in Hamburg.

The software in question is the penetration testing software from the US company Core Security, which can be used to test for various vulnerabilities. The company claims that the software can test 25% more unique vulnerabilities than the competition. It has been known for years that cyber criminals use penetration testing software such as Metasploit. More targeted espionage campaigns often deployed proprietary malware, plus all kinds of free and well-known software. The use of commercial software was usually avoided because it can be traced back to a particular customer.

However, the use of proprietary malware and tools found in various campaigns over the years makes it easier for researchers to attribute these activities to a particular country. By using the software of Core Security, which costs between 10,000 and 20,000 dollars, the attackers could hide their tracks. It would also help countries that do not yet have extensive cyber espionage capabilities to expand their arsenal. “The most likely answer is that they did not have the ability to do it themselves,” analyst Tillmann Werner told Reuters.

At the attacked organizations, in most cases an e-mail with an Excel spreadsheet was sent to senior executives. The spreadsheets contained a malicious macro. If the user gave permission to execute the macro, which Office blocks by default, malware was installed. This malware then downloaded a part of Core’s Core Impact tool. Core Security says that use of the software by third parties is not permitted. Nor is the company aware of any abuse of the tool in the past five years. If, however, there is evidence, the company will cooperate with an investigation.
