Security researcher Symantec has discovered that a number of well-known hacking collectives are actually highly trained independent groups targeting large corporations for financial gain.
The likes of Apple, Facebook and Twitter have all faced cyberattacks in the past, and it is now thought that such attacks are only viable if the information acquired is then sold or traded through some “financial market.”
Vikram Thakur, senior manager at Symantec, indicated that several of these groups are being tracked and their methods analysed. FIN4 is one such group, which uses knowledge of the investment banking industry and social engineering to acquire email addresses and other personal information. Although FIN4 has less technical skill than some other hacking groups, it has still instigated breaches at a number of large corporations.
Symantec has identified another group, which it has dubbed Morpho and which is believed to be responsible for several Silicon Valley breaches in 2013. Morpho frequently uses the “watering hole” technique, infecting websites that are likely to attract its intended victims. The hacking collective has been known to target iPhone developers as well as the pharmaceutical and aviation industries. Symantec is aware of 49 organisations that have been breached by Morpho since 2012, with numbers rising each year.
Symantec explained that because the group uses multiple proxies to disguise its location, it is difficult to apprehend any of its members. The group's use of encryption to hide where it has stored stolen information also makes the job of law enforcement more challenging.
“Based on the profile of the victims and the type of information targeted by the attackers, Symantec believes that Morpho is financially motivated, stealing information it can potentially profit from,” the security researcher explained. “The group appears to be agnostic about the nationality of its targets, leading us to believe that Morpho is unaffiliated to any nation state.”
According to Symantec, law enforcement in both the US and Europe have been informed of its research in the hope that it can help prevent future attacks.