Cybercriminals seeking to avoid detection by antimalware defenses have increasingly begun using legitimate hacking tools and tactics — in addition to their own malware — to break into enterprise networks and literally hide in plain sight. Now a new and likely state-sponsored threat group has emerged that isn’t using any custom malware at all.
Instead, the group is exclusively relying on publicly available hacking tools and living-off-the-land tactics to conduct an especially stealthy and hard-to-detect cyber espionage campaign.
Symantec, which was the first to spot the group, has named it Gallmaker. In a report this week, the security vendor described Gallmaker as targeting government and military organizations in Eastern Europe and the Middle East. The group’s targets have included several overseas embassies of a country in Eastern Europe, and also a defense contractor