Over the past three years since the now infamous Hydraq (Aurora) targeted attacks against a handful of high profile organisations, Symantec has closely monitored and analysed the activities of the group behind the attacks. Symantec has now published its analysis.
Foremost among their findings is that no other single group known to Symantec has used more zero-day vulnerabilities – eight – to further their malicious goals than the attackers behind Hydraq and other related attacks. This is an indication of the resources at the group’s disposal. The group behind the Hydraq attacks is very much still active, with evidence indicating their involvement in a consistent and ongoing pattern of large-scale targeted attacks.
These attackers are systematic and re-use components of an infrastructure that Symantec has termed the “Elderwood Platform”. The term “Elderwood” comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits.
The attacking methodology has always used spear phishing emails. Symantec, however, is now seeing an increased adoption of “watering hole” attacks (compromising certain websites likely to be visited by the target organisation).
The primary targets identified are within the defence supply chain, a majority of which are not top-tier defence organisations themselves. These are companies that manufacture electronic or mechanical components sold to top-tier defence companies. The attackers target these suppliers expecting weaker security postures in these lower-tier organisations, and may use these manufacturers as a stepping-stone to gain access to top-tier defence contractors, or to obtain intellectual property used in the production of parts that make up larger products produced by a top-tier defence company. The second most common target is non-governmental organisations (NGOs).
The Elderwood attackers seek intellectual property. They are most likely a large criminal organisation or attackers supported by a nation state.
Customers need to know that the Elderwood attackers are skilled and persistent. Due to the many components of this attack, a layered approach to security is essential. One form of defence is not enough. Symantec recommends that users be on the lookout for suspicious emails, limit access to sensitive data and ensure that sensitive data is encrypted. For the average consumer, it’s important to note that this threat is highly targeted at manufacturers of components for the defence industry and non-governmental organisations (NGOs), so it is not likely to impact most users.