New Threat Group Conducts Malwareless Cyber Espionage

Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.

Cybercriminals seeking to avoid detection by antimalware defenses have increasingly begun using legitimate hacking tools and tactics — in addition to their own malware — to break into enterprise networks and literally hide in plain sight. Now a new and likely state-sponsored threat group has emerged that isn’t using any custom malware at all.

Instead, the group is exclusively relying on publicly available hacking tools and living-off-the-land tactics to conduct an especially stealthy and hard-to-detect cyber espionage campaign.

Symantec, which was the first to spot the group, has named it Gallmaker. In a report this week, the security vendor described Gallmaker as targeting government and military organizations in Eastern Europe and the Middle East. The group’s targets have included several overseas embassies of a country in Eastern Europe, and also a defense contractor

... read more at: https://www.darkreading.com/attacks-breaches/new-threat-group-conducts-malwareless-cyber-espionage/d/d-id/1333011
