
Shared development and logistics fuelling cyber arms race

FireEye: 13 November, 2013 (Technical Article)
A supply chain analysis report from FireEye reveals the common development and logistics structure used in delivering malware.

FireEye has announced the release of a new report, Supply Chain Analysis: From Quartermaster to Sunshop. The report details how many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fuelled by a shared development and logistics infrastructure — a finding that suggests some targets are facing a more organized menace than they realize.

“Our research points to centralized planning and development by one or more advanced persistent threat (APT) actors,” said Darien Kindlund, manager of threat intelligence at FireEye. “Malware clearly remains a desired cyber weapon of choice. Streamlining development makes financial sense for attackers, so the findings may imply a bigger trend towards industrialization that achieves an economy of scale.”

The report examines 11 APT campaigns targeting a wide swath of industries. Though they appeared unrelated at first, further investigation uncovered several key links between them: the same malware tools, the same elements of code, binaries with the same timestamps, and signed binaries with the same digital certificates.

This report focuses on two key findings:

1. Shared Development and Logistics: Examining the 11 APT campaigns revealed a shared development and logistics operation used to support several APT actors in distinct but overlapping campaigns. This development and logistics operation is best described as a “digital quartermaster.” Its mission: supply and maintain malware tools and weapons to support cyber espionage. This digital quartermaster also might be a cyber arms dealer, a common supplier of tools used to conduct attacks and establish footholds in targeted systems.

2. Shared Builder Tool: FireEye researchers located a builder tool likely used in some of the 11 APT campaigns. The dialogues and menu options in the builder tool were in Chinese, indicating that it may have been created and used by Chinese speakers.

“Like traditional conflict, cyber warfare will continually evolve and change through innovation,” said FireEye CEO David DeWalt. “Not surprisingly, attackers are adopting an industrialized approach. The best hope for those playing defence is a community-based approach that not only monitors advances in cyber attacks, but also propagates information to help mitigate the new threats.”
