The recently uncovered Internet Explorer zero-day vulnerability, mitigated in the latest Patch Tuesday round of updates from Microsoft, was instrumental in a series of “seemingly unrelated” targeted attacks. Researchers now believe that a highly organized “shared development and logistics infrastructure,” akin to a “cyber arms dealer,” may underlie these operations.
“Our research points to centralized planning and development by one or more advanced persistent threat (APT) actors. Malware clearly remains a desired cyber weapon of choice,” the authors of the report said. “Streamlining development makes financial sense for attackers, so the findings may imply a bigger trend towards industrialization that achieves an economy of scale.”
The report reveals common elements in eleven recent operations described as Advanced Persistent Threats, including the attacks that compromised security provider Bit9. The supposed ‘cyber arms dealer’ provides the means and methods for a price and leaves the operations themselves to the individual groups.
“This development and logistics operation is best described as a ‘digital quartermaster.’ Its mission: supply and maintain malware tools and weapons to support cyber espionage,” the report states. “This digital quartermaster also might be a cyber arms dealer of sorts, a common supplier of tools used to conduct attacks and establish footholds in targeted systems.”
The authors conclude that the slew of attacks are similar in nature because they all rely on the central organizing element to provide the necessary tools and logistics, rather than because a single group is responsible for all of them.
“This scenario is less likely because each cluster of activity utilised malware samples with different artifacts such as passwords, campaign identifiers, and mutexes. These artifacts were generally consistent within each cluster of activity but differed across clusters.”