Corporate Spies Hack Billion Dollar Corporations

symantecAs early as 2013 Twitter, Facebook, Apple and Microsoft reported they had been compromised by a zero day Java exploit. Symantec believes they have identified a group of corporate spies responsible for the hacks and linked them to many more high-profile crimes. The team of hackers has a suite of internally developed tools at their disposal and uses working knowledge of an organization to target specific data.

Symantec’s research links the group to crimes going back to 2012. The three heaviest targeted regions are the USA, Europe and Canada with 17, 12 and 4 attacks respectively. Dozens more attacks took place in different regions around the globe. The hackers breached the website and used it to deliver a previously undiscovered Java exploit to victims’ computers.

“Morpho is a group of highly capable, professional attackers who perform corporate espionage with a laser-like focus on operational security. The team is a major threat to organizations that have large volumes of proprietary intellectual property, all of which is at risk of being stolen by this group for monetary gain.” – Symantec reports on their site.

The attackers appear to be motivated by financial gain, either by using the information themselves for their own benefit or selling it to a third party.

Little public information has been available about this group before. Prior to their discovery, the majority of documented cyberespionage attacks were from politically oriented targets like governments, central banks, and defense contractors. Governments have been known to sponsor hackers, some going so far as to attack private sector business to steal intellectual property.

corporate spy hackerThis discovery documents the existence of a new type of hacker previously at home only in cyber punk and dystopic future fantasy novels – Corporate-backed Hackers-for-Hire.

The hacking behavior of corporate spies is distinguished from those of government hackers in a few ways. First, government spies harvest massive amounts of information. The goal is to turn over foreign intellectual property to national interests to gain an advantage of competitors. Second, the incentive for a government hacker to avoid detection is much lower. They have the support – or plausible deniability – of a nation state.

Also read Amazon Echo: Spy Tool of Innovation

Corporate spies and their hacks are more likely to target specific information. Their backers don’t have military resources or the excuse of national defense as a fall back. Their non-existent corporate contracts likely have a clandestine clause. If Morpho, or another private sector hacking organization, reached out and touched and unnecessary system it would add to the chance of getting caught. Furthermore, it’s one more thing to clean up after reaching their objective.

Symantec believes Morpho is a small, well resourced team of hackers operating out of the East Coast timezone (EST). The data they steal is likely the result of jobs from a Hacking-As-A-Service business model run on the Dark Web. They advice all organizations to be aware of the persistent threat of corporate espionage groups. Their Morpho analysis shows that sophisticated teams are able to traverse different sectors of industry with minimal retooling. To protect their own users Symantec released a number of antivirus signatures and technical description of the backdoors in the Morpho toolkit.

Images from Jo Schmaltz and Shutterstock.