Kaspersky and Symantec, with two separate publications, are warning about the return of the notorious Morpho hacking team, also known as Wild Neutron. The group is specifically targeting major companies, which gives them high returns.
The group was first identified in 2011, and is said to have carried out very serious attacks on Twitter, Facebook, Apple and Microsoft σε σύντομο χρονικό διάστημα, χρησιμοποιώντας ένα Java zero-day exploit.
Morpho seems to be an international hacking team that focuses on blows that bring them financial gains.
After a short space of time, Kaspersky and Symantec have revealed new attacks that seem to come from themselves.
"Attackers seem to be motivated by financial gain, using information for their own benefit or to sell it to third parties," said Symantec.
"The focus of these attacks shows that it is not a state-sponsored group or nation," added Kaspersky, who went on to say that in the malware she analyzed, she identified English, Russian and Romanian.
Technically, these new attacks appear to use a combination of an unknown (zero-day) Flash Player exploit and a stolen Acer certificate that signs the malicious code software.
These allow attackers to gain access to computers, and then collect sensitive data or take full control of various services.
To obtain the data, the Morpho team uses custom OpenSSH tunnel backdoors, protected by an encrypted private key R.S.A.
2014 and 2015 have been detected in new companies, such as IT, real estate, and investment firms in the US, France, Germany, Switzerland, Russia, Austria, the United Arab Emirates, Slovenia and Kazakhstan, as reported by Kaspersky. Symantec also reports attacks on Canadian companies.
