FireEye report reveals possible malware “Cyber Arms Dealer”

FireEye, Inc. has announced the release of a new report, Supply Chain Analysis: From Quartermaster to Sunshop. The report details how many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure — a finding that suggests some targets are facing a more organized menace than they realize.

  • 11 years ago Posted in

“Our research points to centralized planning and development by one or more advanced persistent threat (APT) actors” said Darien Kindlund, manager of threat intelligence at FireEye. “Malware clearly remains a desired cyber weapon of choice. Streamlining development makes financial sense for attackers, so the findings may imply a bigger trend towards industrialization that achieves an economy of scale.”
The report examines 11 APT campaigns targeting a wide swath of industries. Though they appeared unrelated at first, further investigation uncovered several key links between them: the same malware tools, the same elements of code, binaries with the same timestamps, and signed binaries with the same digital certificates.


This report focuses on two key findings:
1. Shared Development and Logistics: Examining the 11 APT campaigns revealed a shared development and logistics operation used to support several APT actors in distinct but overlapping campaigns. This development and logistics operation is best described as a “digital quartermaster.” Its mission: supply and maintain malware tools and weapons to support cyber espionage. This digital quartermaster also might be a cyber arms dealer, a common supplier of tools used to conduct attacks and establish footholds in targeted systems.


2. Shared Builder Tool: FireEye researchers located a builder tool likely used in some of the 11 APT campaigns. The dialogues and menu options in the builder tool were in Chinese, indicating that it may have been created and used by Chinese speakers.


“Like traditional conflict, cyber warfare will continually evolve and change through innovation,” said FireEye CEO David DeWalt. “Not surprisingly, attackers are adopting an industrialized approach. The best hope for those playing defense is a community-based approach that not only monitors advances in cyber attacks, but also propagates information to help mitigate the new threats.”
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...