Hackers with superior expertise targeting IT service providers
According to security experts from Symantec, a security company, a previously undocumented attack group with advanced hacking skills recently compromised eleven IT service providers, apparently seeking to gain access to the networks of those providers' clients.
The experts belonging to Symantec Assault Investigation Group said Tortoiseshell, as the group is named, had been active since at least July 2018, while the latest attack occurred in July 2019. Tortoiseshell's skill came to light in the crew's use of both custom-made and off-the-shelf hacking tools. At least 2 of the eleven compromises succeeded in gaining admin-level access to the IT providers' networks, an achievement which enabled the crew to control all the infected systems.
An expert from Symantec's research team e-mailed that the most sophisticated part of the current campaign lay in the planning of the attacks and in their implementation. The attackers must have achieved several objectives in an operational fashion in order to compromise the actual targets tied to the IT providers, the expert wrote.
He continued that the use of custom, unique malware created for a sophisticated campaign such as this indicated the attackers had capabilities and resources that low- to mid-level adversaries commonly do not possess. Taken together, the analytical observations painted a larger picture of the attackers as advanced and highly resourced. www.arstechnica.com posted this on September 19, 2019.
The campaign, which mainly infected IT providers located in Saudi Arabia, was far from perfect. Moreover, one custom backdoor that Tortoiseshell employed would obey a "kill me" command that let the attackers uninstall the malware and, at the same time, remove every trace of the infection. This characteristic of the attack indicates that stealth was the main aim of the campaign.
It is fairly clear that targeting IT providers and then stealing data from their computers is aimed at gaining persistent access to the clients of those providers. Symantec does not speculate on the names of the companies the group has been targeting. Nor does the security team specify what kinds of IT services the hacked companies provided.
» SPAMfighter News - 9/23/2019