Information Security News mailing list archives
Cylance researchers discover powerful new nation-state APT
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 14 Nov 2018 13:34:10 +0000 (UTC)
https://www.csoonline.com/article/3319787/advanced-persistent-threats/cylance-researchers-discover-powerful-new-nation-state-apt.html

By J.M. Porup
Senior Writer
CSO
Nov 12, 2018

When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance sat up and took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there for more than six months.
The Belgian locksmith was just a pawn in a global game of cyberespionage fought by a new nation-state hacking group, and while the target in this operation was Pakistan -- both nuclear-armed and a haven for terrorists in the region -- the incredibly sophisticated layers of misdirection used by the malware to mislead and delay forensics analysis worry security researchers, who say these attack tools could be deployed against anyone else in the world at any time.
This heralds the advent of a major new nation-state player on the cyber domain, speculate Cylance researchers, who rule out all the usual suspects -- Five Eyes, Israel, India, China, Russia, and North Korea. While hesitant to attribute to any particular nation, researchers told CSO the new APT is likely Middle Eastern, but one whose tactics, techniques and procedures (TTPs) are indicative of US-trained intelligence operatives, raising the possibility that ex-US intel folks have turned mercenary and are building a new APT group for a Middle Eastern nation.
The new APT group takes the cat-and-mouse game between attackers and defenders to a new level, and blue teams around the world should pay attention to the tactics used here, Cylance researchers say.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_