Symantec: ‘Gallmaker’ Cyber Attack Group Uses ‘Living off the Land’ Tactics to Avoid Detection

Symantec has identified a new cyber espionage group dubbed Gallmaker that launches attacks on some government, defense and military organizations in Eastern Europe and the Middle East.

The company said Thursday the Gallmaker group uses publicly available hacking tools and “living off the land” techniques to access targeted computers and avoid detection by traditional security platforms.

The group infiltrates a network by sending a Microsoft Office document that attempts to exploit the Microsoft Office Dynamic Data Exchange protocol and deploying several tools such as WindowsRoamingToolsTask, Rex PowerShell library and a legitimate version of the WinZip console.

“Gallmaker bears the hallmarks of a highly targeted cyber espionage campaign supported by a nation-state,” said Symantec CEO Greg Clark.

The company discovered the group using its Targeted Attack Analytics platform built to detect security threats through artificial intelligence

... read more at: