Sign in / up

back to article Who needs custom malware? 'Govt-backed' Gallmaker spy crew uses off-the-shelf wares

A newly discovered spy gang is eschewing boutique attack tools to instead use publicly available exploits against unpatched systems. Known as Gallmaker, the cyber-espionage group is said to be targeting the embassies of an unnamed eastern European country and military defense installations in the Middle East. According to …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Pascal Monett Silver badge
    Stop

    Stop writing two paragraphs that say exactly the same thing with the same words

    "This group eschews custom malware and uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that bear all the hallmarks of a cyber espionage campaign," Symantec claimed.

    "The most interesting aspect of Gallmaker’s approach is that the group doesn’t use malware in its operations. Rather, the attack activity we observed is carried out exclusively using LotL tactics and publicly available hack tools."

    The second paragraph is just a re-ordering of the words in the first with a bit of added fluff. No new meaning can be inferred, nothing more can be learned.

    It is a waste of time and of space. Enough with that already.

    4 0 Reply
  2. phuzz Silver badge
    Trollface

    So this is a government which clearly doesn't have the resources to build it's own malware, so they're relying on commercial versions instead?

    It's brexit-struck GCHQ isn't it?

    0 2 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      "It's brexit-struck GCHQ isn't it?"

      Brexit has not happened just yet. But I do note that the FTSE has hit record highs in anticipation of it...

      1 0 Reply
  3. tiggity Silver badge

    Fair enough

    Anyone who monitors their systems will know that there's plenty of attacks made against "old" vulnerabilities.

    In some cases they will succeed, because some systems will be (often a long way) behind in patching, its a common, cheap and easy attack method (but relies on finding unpatched machines, so not great against a target that tries to keep on top of security).

    You can also staff such teams with less skilled people as they just need to use available attack tools, so quick and easy to set up such teams, and social engineering side does not need elite IT skills (indeed some great coders are often a bit lacking in social skills, might be a stereotype, but a grain of truth in it)

    0 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    Can't we have some intelligent speculation as to the nation responsible?

    Symantec obviously won't but AFAIA The Reg doesn't have any big government contracts.

    Now, we're looking for a state that's coffers are a bit threadbare, who don't really prioritise cyber-offence, too polite to run an operation that might inadvertently be "false-flagging" somebody else, apparently aren't doing this for economic gain, and believe they've got some quasi legitimate interest in the Middle East. And in addition to the avoidance of false-flagging, the (apparent) lack of customisation suggests a considerable interest in plausible deniability.

    I've no idea who fits the bill.

    0 0 Reply
  5. pig

    It is an interesting idea.

    By only using existing tools and outputs it makes identifying the state (if there is one) behind the group a lot harder, whilst at the same time giving them greater plausible deniability if they are correctly fingered for it.

    Smart move I think, whoever it is.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like