Symantec and Kaspersky work together on Wild Neutron threat
Research traces attackers back to Romania and Russia
Kaspersky Lab and Symantec have been working together to investigate the Wild Neutron hacking group that attacked high-profile tech organisations such as Twitter, Facebook, Apple and Microsoft developers two years ago.
The research found that the hackers have infiltrated almost 50 large companies since the attack was first used in 2012.
Following the high-profile attacks in 2013, Wild Neutron - also known as Morpho - faded out of sight for a year, but started to resurface in 2014 with heightened intensity.
Wild Neutron works by using a known Flash Player exploit to drop malware onto computers. The malware is signed with a legitimate certificate, meaning it can bypass security software, and it allows backdoor access to systems.
The hacker group hasn't limited its attacks to one geographical area or a particular industry sector. Kaspersky Lab discovered that such crimes were carried out in 20 countries including France, Russia, Switzerland, Germany, Austria, Palestine, Slovenia, Kazakhstan, the UAE and Algeria, and in businesses as diverse as law firms, companies related to Bitcoin trading, investment organisations, IT companies, healthcare organisations, as well as individual users not linked to a particular business.
Kaspersky said it doesn't know who is behind the attacks, but it has managed to link some information back to Russian and Romanian hackers.
"Wild Neutron is a skilled and quite versatile group. Active since 2011, it has been using at least one zero-day exploit, custom malware and tools for Windows and OS X," said Costin Raiu, director of the global research and analysis team at Kaspersky Lab.
"Even though in the past it has attacked some of the most prominent companies in the world, it has managed to keep a relatively low profile via solid operational security which has so far eluded most attribution efforts. The group's targeting of major IT companies, spyware developers (FlexiSPY), jihadist forums (the 'Ansar Al-Mujahideen English Forum') and Bitcoin companies indicates a flexible yet unusual mindset and interests."
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.