According to Bulletin news The new research by Symantec shows the attackers using an exploit kit known as “Elderwood” are more numerous and possibly better funded than anybody anticipated.
Elderwood is tracked since 2012 by Symantec, which concluded that the contained exploits had been used against defense-related companies, people involved in human rights campaigns and IT and supply-chain companies in the well-known “Operation Aurora” attacks.
“The attack groups are separate entities with their own agendas,” Symantec wrote in a blog post on Thursday.
The sub-group named “Hidden Lynx” targets the defense industry and Japanese users. “Vidgrab” prefers targeting Uyghur dissidents in the western region of China. Another group known as “Linfo” or “Icefog” goes after manufacturing firms, while “Sakurel” focuses on aerospace companies.
We know that creating attack code for those vulnerabilities is not cheap, so we realize that if hacking groups are purchasing the exploits from Elderwood’s developer, those organizations “must have substantial financial resources.”
Supposingthat all attacks related to Elderwood come from a larger group split into many teams, then “these employees are either being well compensated for their work or have some other motivating factor that prevents them from selling exploits on the open market themselves.”