back to article Who needs custom malware? 'Govt-backed' Gallmaker spy crew uses off-the-shelf wares

A newly discovered spy gang is eschewing boutique attack tools to instead use publicly available exploits against unpatched systems. Known as Gallmaker, the cyber-espionage group is said to be targeting the embassies of an unnamed eastern European country and military defense installations in the Middle East. According to …

Silver badge
Stop

Stop writing two paragraphs that say exactly the same thing with the same words

"This group eschews custom malware and uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that bear all the hallmarks of a cyber espionage campaign," Symantec claimed.

"The most interesting aspect of Gallmaker’s approach is that the group doesn’t use malware in its operations. Rather, the attack activity we observed is carried out exclusively using LotL tactics and publicly available hack tools."

The second paragraph is just a re-ordering of the words in the first with a bit of added fluff. No new meaning can be inferred, nothing more can be learned.

It is a waste of time and of space. Enough with that already.

4
0
Silver badge
Trollface

So this is a government which clearly doesn't have the resources to build it's own malware, so they're relying on commercial versions instead?

It's brexit-struck GCHQ isn't it?

0
2
Anonymous Coward

"It's brexit-struck GCHQ isn't it?"

Brexit has not happened just yet. But I do note that the FTSE has hit record highs in anticipation of it...

1
0
Silver badge

Fair enough

Anyone who monitors their systems will know that there's plenty of attacks made against "old" vulnerabilities.

In some cases they will succeed, because some systems will be (often a long way) behind in patching, its a common, cheap and easy attack method (but relies on finding unpatched machines, so not great against a target that tries to keep on top of security).

You can also staff such teams with less skilled people as they just need to use available attack tools, so quick and easy to set up such teams, and social engineering side does not need elite IT skills (indeed some great coders are often a bit lacking in social skills, might be a stereotype, but a grain of truth in it)

0
0
Silver badge

Can't we have some intelligent speculation as to the nation responsible?

Symantec obviously won't but AFAIA The Reg doesn't have any big government contracts.

Now, we're looking for a state that's coffers are a bit threadbare, who don't really prioritise cyber-offence, too polite to run an operation that might inadvertently be "false-flagging" somebody else, apparently aren't doing this for economic gain, and believe they've got some quasi legitimate interest in the Middle East. And in addition to the avoidance of false-flagging, the (apparent) lack of customisation suggests a considerable interest in plausible deniability.

I've no idea who fits the bill.

0
0
pig

It is an interesting idea.

By only using existing tools and outputs it makes identifying the state (if there is one) behind the group a lot harder, whilst at the same time giving them greater plausible deniability if they are correctly fingered for it.

Smart move I think, whoever it is.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018