A group of cyber criminals that hacked Microsoft, Apple, Facebook and Twitter in 2013 is still active and targets large companies, using malware for both Windows and Mac OS X. In the attack on the US internet companies, the attackers used a zero-day vulnerability in Java. At the time of the attack no update was available for the vulnerability.
After all the attention the break-ins received, the attackers disappeared in 2013 for almost a year, but they are now back, using a previously unknown vulnerability in Adobe Flash Player and a certificate from the Taiwanese manufacturer Acer to sign their malware. Anti-virus firms Symantec and Kaspersky Lab reported this today. Both have published an analysis of the group.
According to the anti-virus companies, this is a group of cyber criminals that operates on a much higher level than other cyber criminals. The group is not after credit card information, but after very valuable information. Over the past few years the attacks were aimed at law firms, Bitcoin-related companies, investment companies, IT companies, health companies and brokers, as well as individual users. Most victims are located in Canada, Europe and the United States.
Attacks
To infect victims, the attackers used the aforementioned zero-day vulnerability in Java and at least one vulnerability in Internet Explorer 10, says Symantec. Kaspersky Lab reports that the attackers have used an unknown vulnerability in Flash Player. How victims are attacked via this vulnerability is unknown. In the first attacks in 2012 and 2013, websites that the targets already visited on their own were hacked. How the attackers proceed in the new series of attacks in 2014 and 2015, however, is a mystery. If the attack is successful, the attackers use various tools, including a backdoor for Mac OS X and Windows.
The attackers are mostly after mail servers. Once access to the Microsoft Exchange or Lotus Domino servers has been obtained, the e-mail traffic is probably intercepted, says Symantec. "Fraudulent e-mails" may also be injected. Furthermore, Kaspersky Lab discovered that the malware used by the group this year was signed with a legitimate certificate from Acer. How the certificate was obtained is unknown. The certificate authority that issued the certificate has been asked to revoke it.
"Compared with other intelligence groups, this group is one of the most exciting we have analyzed and monitored," Kaspersky Lab says. The anti-virus firm warns that the criminals are still active. Symantec also warns companies about the group, which not only has excellent operational security but has also succeeded in expanding its activities without being noticed. "The group is a threat that companies should take seriously," said the anti-virus firm. The group possibly uses the data it steals for its own financial gain, or sells it to the highest bidder.