
Hacking for profit: Groups target Apple, Facebook and Twitter

Symantec Corp, the largest U.S. security software vendor, published new research on Wednesday detailing the hacking group known for breaking into top-tier technology companies such as Apple, Facebook and Twitter two years ago, a group that remains active today. It stays largely below the radar by limiting itself to a small number of carefully targeted attacks.


“They are very focused, wanting everything valuable from the top companies of the world,” said Vikram Thakur, a Symantec senior manager. “The way they may also put it to use, I think, is by way of a few forex markets and through offering it.” Symantec is now tracking around a dozen such groups, but specifically highlighted one group called FIN4 and another named Morpho in a recent research report.

FIN4 is less technically skilled, but uses its knowledge of the investment banking world and strong social engineering, or trickery, to harvest email credentials and discover material financial information.

The hackers used a “watering hole” approach, infecting websites that employees of their targets were likely to visit. The group has been known to target iPhone developers as well as the pharmaceutical and aviation industries. Some of the breached companies, including Apple, said they found no evidence that data was stolen.

Symantec believes Morpho is a private group, not state-sponsored, but one operating at a significantly higher level than most cybercrime groups.

Symantec counts 49 organizations breached by the group in the past three years, the majority of them in the United States, Canada or Europe.

Symantec explained that because the group uses multiple proxies to disguise its location, it is hard to identify or apprehend any of its members.


Symantec noted that Morpho has since developed an arsenal of custom hacking tools, including Securetunnel, Bannerjack and Eventlog, which, respectively, send command-and-control (C2) server information to infected computers; retrieve the default messages (banners) issued by Telnet, HTTP and generic TCP servers; and parse event logs for the attackers. A Federal Bureau of Investigation spokesman did not respond to a request for comment, nor did Twitter and Facebook.
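To make concrete what a reconnaissance tool of the Bannerjack kind does (collect the default greeting that Telnet, HTTP and generic TCP services send when a client connects), here is a small banner grabber. This is example code written for this page, not the Morpho group's tool or anything from Symantec's report; the three local listeners, their greetings and the version strings they announce are constructed stand-ins so the script runs offline.

```python
"""Banner grabbing: connect to a TCP port, nudge the service if it is one that
stays silent until spoken to (HTTP), and record the first bytes it returns.
Added example; not the Bannerjack tool described in Symantec's research."""

import socket
import threading


def grab_banner(host, port, probe=b"", timeout=2.0, max_bytes=1024):
    """Return the first bytes a service sends. `probe` is sent first when the
    protocol only answers after a request (HTTP); Telnet, SMTP, FTP and SSH
    usually greet the client unprompted, so no probe is needed for them."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(max_bytes)
        except socket.timeout:
            return b""          # service accepted the connection but said nothing


def http_probe(host):
    """Minimal HTTP/1.0 HEAD request; the response line and Server header are the banner."""
    return b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"


def classify(banner):
    """Rough service fingerprint from the opening bytes of the banner."""
    if banner.startswith(b"HTTP/"):
        return "http"
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"220 "):
        return "smtp-or-ftp"
    # Telnet servers open with IAC WILL/DO option negotiation (0xff 0xfb / 0xff 0xfd)
    if banner.startswith(b"\xff\xfb") or banner.startswith(b"\xff\xfd"):
        return "telnet"
    return "unknown-tcp" if banner else "silent"


# --- constructed stand-ins for real services, so the example runs offline ---
def start_fake_service(banner, wait_for_request=False):
    """Listen on an ephemeral 127.0.0.1 port and answer one client with `banner`.
    With wait_for_request=True the listener behaves like an HTTP server and
    only replies after it has received something. Returns the bound port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:
                conn.recv(1024)
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def scan_local_demo():
    """Grab banners from three constructed services; returns
    {name: (fingerprint, decoded banner)}. Hostnames and versions are invented."""
    targets = {
        "telnet": start_fake_service(b"\xff\xfd\x18\xff\xfd\x20Welcome to corp-gw\r\nlogin: "),
        "http": start_fake_service(b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.15\r\n\r\n",
                                   wait_for_request=True),
        "generic": start_fake_service(b"220 mail.example.test ESMTP ready\r\n"),
    }
    results = {}
    for name, port in targets.items():
        probe = http_probe("127.0.0.1") if name == "http" else b""
        banner = grab_banner("127.0.0.1", port, probe=probe)
        results[name] = (classify(banner), banner.decode("latin-1"))
    return results


if __name__ == "__main__":
    for name, (kind, text) in scan_local_demo().items():
        print(f"{name:8s} -> {kind:12s} {text.splitlines()[0]!r}")
```

The point for defenders is the other side of the exchange: a single host that opens short-lived connections to many internal ports and receives exactly one greeting from each is the network signature of this kind of sweep, and the version strings it collects (the `Server:` header above, the Telnet login prompt) are what the attacker uses to choose the next step.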
