https://www.csoonline.com/article/3319787/advanced-persistent-threats/cylance-researchers-discover-powerful-new-nation-state-apt.html
By J.M. Porup
Senior Writer
CSO
Nov 12, 2018
When a Belgian locksmith attacked the Pakistani Air Force, researchers at
Cylance sat up and took notice. The locksmith probably never knew his
website had been taken over by a nation-state hacking group as a
command-and-control server, nor that exploit-laden Microsoft Word
documents crafted to spear-phish Pakistani Air Force officers were hosted
there for more than six months.
The Belgian locksmith was just a pawn in a global game of cyberespionage
fought by a new nation-state hacking group. While the target of this
operation was Pakistan, a nuclear-armed state and a haven for terrorists in
the region, the incredibly sophisticated layers of misdirection the malware
uses to mislead and delay forensic analysis worry security researchers,
who say these attack tools could be deployed against anyone else in the
world at any time.
This heralds the advent of a major new nation-state player in the cyber
domain, Cylance researchers speculate, ruling out all the usual suspects:
the Five Eyes, Israel, India, China, Russia and North Korea. While
hesitant to attribute the activity to any particular nation, researchers
told CSO the new APT is likely Middle Eastern, but that its tactics,
techniques and procedures (TTPs) are indicative of US-trained intelligence
operatives, raising the possibility that former US intelligence personnel
have turned mercenary and are building a new APT group for a Middle Eastern
nation.
The new APT group takes the cat-and-mouse game between attackers and
defenders to a new level, and blue teams around the world should pay
attention to the tactics used here, Cylance researchers say.
[...]