The new campaigns mark the first significant stirrings from the group since it went silent in January in the wake of a detailed exposé of the group and its exploits — and a retooling of what security researchers believe is a massive spying operation based in China.
Delving into the mechanics of the most recent attacks, the malicious code uses updated versions of the Aumlib and Ixeshe malware to carry out the intrusions. According to FireEye, the software had not significantly evolved since 2011, but it has drawn attention to what many suspect to be a government-backed attempt to hack secure networks outside China.
The hacker crew APT12 was exposed in January, but these new attacks come courtesy of the quieter but more active APT1. “We see them targeting hundreds of organizations, but don’t attract attention or leave much of a footprint,” Mandiant CISO Richard Bejtlich said in January.
“These subtle changes may be enough to circumvent existing IDS signatures designed to detect older variants of the Aumlib family,” FireEye said. “That additional degree of understanding can help organizations forecast when and how a threat actor might change their behavior — because if you successfully foil their attacks, they probably will.”