The group, known as Hidden Lynx, have targeted hundreds of organisations worldwide, according to Symantec.
“They use targeted attacks to infiltrate some of the most hard-to-get-into companies in the world,” said Stephen Doherty from Symantec’s response team in Dublin.
Mr Doherty said the group uses “a suite of very sophisticated tools” to hack into the firms without being detected.
“They may be after a company’s IP (intellectual property). If they’re targeting the financial industry or legal firms, they might be interested in data that might be relevant to mergers and acquisitions,” Mr Doherty said.
“The tools that they use are purpose built to navigate around a network, discover what’s on the computer, and then if they’re interested in the data they can then exfiltrate that from the compromised network,” he added.
Firms involved in the operation include Microsoft, Cisco, Novetta and Symantec.
“A lot of different partners involved have different amounts of intelligence about the group, the tools they use, how they use them. Novetta brought a group of partners together to share intelligence, ensuring that everybody had the best available intelligence.”
But Mr Doherty said the group has a history of “re-tooling”.
“When a particular tool that they use gets a lot of exposure, they may abandon it and begin to use other tools.
“We saw that in our original paper with Hidden Lynx…this is an ongoing effort to track the behaviour of this group, and [the idea is that] as soon as they adapt to change, everybody is aware of the situation.”
Article Source: http://tinyurl.com/kbwqb42