This diagram shows the similarities of eight zero-day exploits linked to the same hacking group that hit Google three years ago.
The hackers who breached the defenses of Google and at least 34 other big companies three years ago have unleashed a barrage of new attacks since then, many that exploit previously undocumented vulnerabilities in software from Microsoft and Adobe, a new report has found.
The number of victims affected, the duration of the campaign, and the difficulty of identifying and exploiting so-called zero-day vulnerabilities mean the resources required "could only be provided by a large criminal organization, attackers supported by a nation state, or a nation state itself," the report (PDF), which was prepared by researchers from antivirus provider Symantec, concluded. Targets over the last three years have mainly been located in the defense, energy, and finance industries and educational and non-governmental organizations.
Most significant about the group is "seemingly an unlimited number of zero-day exploits," which refer to vulnerabilities in widely used software that are exploited before there's public knowledge that they exist. Using an infrastructure Symantec researchers have dubbed Elderwood—a name derived from a variable found in some of its software—the hackers have exploited four zero-day bugs this year alone, and evidence suggests the group has wielded another four zero-days over the past two years. The use of so many previously undocumented vulnerabilities indicates the group has an extremely high level of technical capability.
Read 10 remaining paragraphs | Comments
DIGITAL JUICE
No comments:
Post a Comment
Thank's!