More than 33 major corporations in North America and Europe have been hit by an attacker that has focused on stealing corporate secrets.
Eschewing the normal targets of customer databases and credit card details, the group instead targets intellectual property and high-level corporate data, according to Symantec, which has dubbed the group Morpho.
Morpho is technically proficient and well-resourced, Symantec reported today. The hacking group has developed custom malware tools to target Windows and Apple computers. It keeps a low profile and observes good operational security hygiene; for instance, it always cleans up after itself following a successful operation.
Because of the data it targets, there is speculation that the group is not a normal hacking gang but may instead be selling sensitive intellectual property to the highest bidder and using it to facilitate insider trading.
Morpho first showed signs of itself in 2013, when several major tech firms admitted to being compromised. Twitter, Facebook, Apple and Microsoft were compromised in very similar attacks. The attack vector was a website used by mobile developers, which was compromised with Java zero-day exploits – OSX.Pintsized and Backdoor.Jiripbot, the latter having been discovered by security researcher Eric Romang.
Worldwide, it is believed that Morpho has attacked more than 49 organisations in 20 countries. Targeted companies operate in tech, pharmaceuticals, commodities and law.