In two separate publications, Kaspersky and Symantec warn of the return of the notorious hacking group Morpho, also known as Wild Neutron. The group specifically targets large companies, which brings it high monetary profits.
The group was first detected in 2011, and has reportedly carried out very serious attacks on Twitter, Facebook, Apple and Microsoft in a short period of time using a Java zero-day exploit.
Morpho seems to be an international hacking team that focuses on attacks that bring it financial gain.
After a short space of time, Kaspersky and Symantec have revealed new attacks that seem to come from the same group.
"Attackers seem to be motivated by financial gain, using information for their own benefit or to sell it to third parties," said Symantec.
“The focus of these attacks shows that it is not a group sponsored by a state or nation,” adds Kaspersky, which goes on to state that it detected English, Russian and Romanian in the malware it analyzed.
Technically, these new attacks appear to use a combination of an unknown (zero-day) Flash Player exploit and a stolen Acer certificate used to sign the malicious software.
These allow attackers to gain access to computers, and then collect sensitive data or take full control of various services.
To acquire the data, Morpho uses custom OpenSSH tunnel backdoors, protected by an encrypted RSA private key.
In 2014 and 2015, attacks were detected at new companies, such as IT, real estate, and investment firms in the US, France, Germany, Switzerland, Russia, Austria, the United Arab Emirates, Slovenia and Kazakhstan, as reported by Kaspersky. Symantec also reports attacks on Canadian companies.