The attackers that targeted Apple, Facebook, Microsoft, and Twitter two years ago in a series of high-profile hacks never went away — and only got bigger.
New research by Symantec shows the group, which the firm is calling “Morpho,” was behind the series of hacks that led the companies into security lockdown.
In 2013, the attacks saw major Silicon Valley giants hit by a previously undisclosed Java zero-day flaw targeting staff at the companies. Both Apple and Facebook, which were first hit, said no data was stolen from their networks, but an unknown number of machines had to be cleaned of malware.
The identity of the group remained unknown, with many looking at the Chinese after a spate of recent hacks. At the time, however, there was a suggestion that “at least 40 companies” were targeted by Eastern European hackers trying to “steal company secrets.”
Since those attacks, the group has hit 49 different organizations in more than 20 countries, mostly across the US and Europe, according to the research.
By using hand-crafted malware (OSX.Pintsized to target Macs and Backdoor.Jiripbot for Windows machines), the hackers have been able to target the pharmaceutical, commodities, and law sectors, on the hunt for high-value information.
Within these systems, the group would target email accounts and content management systems, which would often be home to documents, product descriptions, and important files which could be sold on for insider trading purposes.
The hacking group, motivated by financial gain, is thought to target companies on request, and “ought to be taken seriously by corporations,” said the research.