Hackers Orchestrating US Health Insurer’s Breach Extremely Professionally - Symantec

According to new research of security firm Symantec, hackers behind one of the largest attacks on a US health insurer last year are extremely professional group which has been active since at least 2012.

The security firm has nicknamed the group as Black Vine and pins it for a wave of attacks on mainly US companies including Anthem, a health insurer of US, which lost records of 80 million patients in an attack which started during early 2014 but was only discovered in February 2015.

FBI (Federal Bureau of Investigation) started hunting for the criminals and suspected that the attack has originated from China and Symantec has now said that it might have been behind dozens of other attacks over the past three years.

Symantec says that Black Vine is sufficiently well-funded to have access to manifold zero-day exploits and normally initiates espionage activities with the help of so-called watering hole attacks where a website is selected, rigged and compromised to deliver attacks on a certain profile of visitor.

Interestingly, the group of Black Vine also uses personalized malware. Customized malware of Black Vine has been identified as Hurix and Sakurei and both were identified as Backdoor.Mivast - and Mivast detected as Trojan.Sakurel.

The post explained that these three threats are capable of opening a backdoor, executing files and commands which can delete, modify and construct registry keys and collect information from an infected computer.

Researchers of the security firm analysed and found that Black Vine employed many catalogued 0-day exploits at the same time as other cybercriminals including Hidden Lynx.

Symantec says that groups distribute different payloads which are exclusive to each outfit while these connected hacking groups employ the same zero-day exploits. According to the firm, in turn, the concurrent use of these exploits "suggests that they all have access to a general 0-day exploit distribution framework.

Symantec describes Black Vine a "formidable" group with widespread resources which can often update and alter its malware to avoid detection by companies of antivirus and cybersecurity and it is likely to remain a disease in the Cybersecurity Empire for some time in future.

» SPAMfighter News - 8/7/2015