Sophisticated Attacker Group A Real Threat: Symantec

If you haven’t heard of the Elderwood Project, you might want to pay attention to a report put out by Symantec. A group somewhere out there is active in carrying out large scale, targeted attacks, including a 2009 attack on Google, deploying the “Aurora” or Hydraq attack methodology.

More facts on the Elderwood Project:

  • The group has used 8 zero day vulnerabilities in their attacks. This is a huge number, as Stuxnet only used 4.
  • The attackers compromise individuals and networks using 2 methods:
    • Spearphishing emails with attachments: E-mails are sent to unsuspecting recipients with attachments, usually documents, which exploit a vulnerability in order to drop a backdoor Trojan (The vulnerabilities are in Internet Explorer and Adobe Flash).
    • “Watering hole” attacks: The attackers inject the exploit into a website which caters to an audience of interest to the attackers. One of those websites was the Amnesty International Hong Kong website. They are called watering hole attacks because the attackers wait for the victim to come to them, similar to a predator in the wild who lies in wait for its prey.
  • The targets of these attacks are mainly manufacturers of components for the defense industry. The second most common target was NGOs.
  • The vast majority, 72%, of victims were located in the US (Canada ranked 2nd for number of victims).
  • Due to the scale and duration of the attacks, the attackers are likely well funded. They are most likely a large criminal organization, attackers supported by a nation state, or a nation state.
  • The motivation of the attackers would appear to be the theft of intellectual property and intelligence gathering. Intelligence gathered would allow the attackers to identify individuals or information that may be useful for future attacks.

Charming, isn’t it? I’d read up on the two articles that I linked to. Then I’d do everything possible to protect myself. Clearly these are not small time players. They’re a serious threat.