I’m sure everyone remembers the Sony attack occurred in 2014, when the US Government blamed the North Korean Government for the attack, materially executed by a hacking group dubbed GOP. In the past, the APT groups behind major attacks went underground for some time until the dust settles in, but now, more and more hacking crews remain active after a big score, using information gathered from the successful attack to target more victims.
Juan Andres Guerrero-Saade, senior security researcher at Kaspersky Lab. Said expressed his opinion on the Sony hack.
“They didn’t disappear when the dust settled” ha said.
Last week, during the summit in Tenerife, Guerrero-Saade and Jaime Blasco provided some news about Sony hackers:
“It took us two years to correlate all of the information we had … The same people were launching campaigns using information from the Sony attack,”
Why threat groups don’t remain under the radar after a big score?
Kurt Baumgartner, principal security researcher at Kaspersky Lab argues that in the past APT groups “would immediately shut down their infrastructure when they were reported on”, “You just didn’t see the return of an actor sometimes for years at a time.”
Baumgartner used the example of Darkhotel, a Korean-speaking attack group mostly known for hacking WiFi networks at luxury hotels, with the purpose of targeting high -evel executives. Even thought Darkhotel its not attacking hotels anymore, they are not hidden neither, in fact in July was discovered that Darkhotel was using a zero-day Adobe Flash exploit (disclosed from the Hacking Team data breach),
“Within 48 hours, they took the Flash exploit down … They left a loosely configured server”.
Darkhotel doesn’t look worried about exposure, “The hotel [attack] activity focused on business travelers has come to an end, but the other operations are highly active,”.
“I would assume they are active but just changed their” communications, explained Costin Raiu, director of the global research and analysis team at Kaspersky Lab. “We don’t detect them anymore.”
This pattern is found over and over hackers groups, and it looks like notoriety doesn’t stop these groups anymore.
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – APT groups, hacking)