Information Security News mailing list archives

Cylance researchers discover powerful new nation-state APT


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 14 Nov 2018 13:34:10 +0000 (UTC)

https://www.csoonline.com/article/3319787/advanced-persistent-threats/cylance-researchers-discover-powerful-new-nation-state-apt.html

By J.M. Porup
Senior Writer
CSO
Nov 12, 2018

When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance sat up and took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that exploit-laden Microsoft Word documents crafted to spear-phish Pakistani Air Force officers were hosted there for more than six months.

The Belgian locksmith was just a pawn in a global game of cyberespionage fought by a new nation-state hacking group, and while the target in this operation was Pakistan -- both nuclear-armed and a haven for terrorists in the region -- the incredibly sophisticated layers of misdirection used by the malware to mislead and delay forensics analysis worries security researchers, who say these attack tools could be deployed against anyone else in the world at any time.

This heralds the advent of a major new nation-state player on the cyber domain, Cylance researchers speculate, who rule out all the usual suspects -- Five Eyes, Israel, India, China, Russia, and North Korea. While hesitant to attribute to any particular nation, researchers told CSO the new APT is likely Middle Eastern, but whose tactics, techniques and procedures (TTPs) are indicative of US-trained intelligence operatives, raising the possibility that ex-US intel folks have turned mercenary and are building a new APT group for a Middle Eastern nation.

The new APT group takes the cat-and-mouse game between attackers and defenders to a new level, and blue teams around the world should pay attention to the tactics used here, Cylance researchers say.

[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
