Morpho hacker group attacked big companies for years for financial gain




Since 2012, a group dubbed Morpho has attacked major companies including Facebook, Microsoft and Apple with sophisticated methods, probably to make money from stolen sensitive information. Security company Symantec makes that claim after an investigation.

Symantec calls Morpho a skilled, tenacious and effective group that has been operating since at least March 2012. After its investigation, the security company came to the conclusion that it is a small group that either carries out its attacks on behalf of customers or sells the stolen data itself. The company does not rule out that it is a state organization for economic espionage.

In recent years Morpho has focused on, among others, companies in the pharmaceutical, technology and legal sectors. Targets included Internet companies, among them Facebook, Twitter, Microsoft and Apple. The criminals searched for sensitive business information such as intellectual property. Most of the companies were American, but Symantec claims that a Dutch company was also attacked, though it is not known which company that is. A government organization in the Middle East and an American university were attacked as well, but Symantec thinks that was collateral damage.

Symantec infers that the group has advanced skills from its use of at least one zero-day exploit, meaning an exploit for a vulnerability that was not known and for which no patch existed at the time of discovery. This was the Java exploit CVE-2013-0422, which was distributed through a website to penetrate networks at Apple in 2013.

Symantec also suspects that a zero-day exploit for Internet Explorer was used. In June 2014, the attackers managed to place a file named bda9.tmp on a victim's system via the browser. Using that file, a variant of Backdoor.Jiripbot was created with the file name LiveUpdate.exe. IE 10 was fully updated at that time, though it is possible that a vulnerability in a plug-in was involved.

Morpho used proprietary malware tools with names such as Hacktool.Multipurpose, Hacktool.Bannerjack and Hacktool.Eventlog. The group erased its traces precisely and could avoid detection in numerous ways, including by decrypting VirtualBox virtual machines from a TrueCrypt file and running its command & control servers on them.

