Coalition of vendors unmasks cyber espionage group

More than one IT security expert has said enterprises and vendors need to work more closely to fight the rising amount of cyber crime. Last week some of the biggest names in IT security announced they have joined together to fight advanced malware.

The group, called the Cyber Security Coalition, includes Cisco Systems Inc., FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, Tenable, ThreatConnect, ThreatTrack Security, Volexity, and a number of other threat researchers who want to remain anonymous.

The coalition also issued the first fruits of its efforts under a project it called Operation SMN, which has identified what it believes is a “sophisticated cyber espionage group” based in China, dubbed Axiom. It has been operating for at least four years, the coalition said, “in support of China’s strategic national interests.”

The coalition hopes the lessons learned from working together under Operation SMN will help members refine industry-wide collaboration and mitigation efforts. Individual vendors in the coalition will release signatures and remediations for the threats.

They also issued three reports identifying separate malware families and how they can be detected.

The announcement was made by Novetta Solutions, a Virginia software company that sells cyber analytics solutions to enterprises and governments, which says it has been leading the group. The initiative also comes under Microsoft’s Coordinated Malware Eradication program, which exists for vendors to work together to fight malware.

There are other IT security partnerships. For example, we reported in May that security gateway maker Fortinet and next-generation firewall manufacturer Palo Alto Networks invited others to join their Cyber Threat Alliance to share threat intelligence. In September Symantec and Intel’s McAfee division joined that group.

Many security companies regularly issue reports on newly-discovered threats, the fledgling Cyber Security Coalition said in a news release. “Instead, we’re turning knowledge into action. The coalition members have synthesized and operationalized shared knowledge of a common threat with the primary objective of disrupting, degrading and globally remediating the effects of a sophisticated, well-resourced, cyber espionage group (Axiom).”

That group has leveraged “an array of mid-point proxy infrastructure within Korea, Taiwan, Japan, Hong Kong and the United States,” the report said, “as well as maintaining supporting infrastructure accounts, such as dynamic DNS services, from U.S. and Chinese providers.” It has targeted Fortune 500 companies, reporters, environmental groups and public sector organizations, usually with spear phishing and strategic Web site compromises to deliver “widely available first stage implants.”

“Once inside an enterprise, Axiom will leverage hacking utilities for privilege escalation and lateral movement, embedding themselves deeply with complex and customized backdoors and rootkits that are unique to them,” the report says.

In particular, the report said, Axiom has exploited U.S. and Japanese government departments “responsible for human resource management,” individuals in south-east Asian law enforcement, and unnamed international law firms.

Axiom uses known backdoors and remote access tools such as Poison Ivy, Gh0st RAT, PlugX, ZXShell, Hikit and the Zox family.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com