Researchers track malware developers through fingerprints


More often than not, we come across notorious threat groups that target different victims with the same piece of malware. In such cases, the focus is usually on the group and on the successive versions of its exploits.


A recent example is a variant of the InterPlanetary Storm malware, which has evolved from targeting Windows and Linux to infecting Android and macOS as well.


However, it is sometimes useful to step back and realize that the individuals behind these groups, with their very diverse skills, can be tracked too, and in some cases even identified.


With this in mind, researchers from Check Point have recently devised a method to attach a unique identity to malware developers. This not only lets cybersecurity professionals know who is behind a specific exploit but also links that person to every other exploit they may have developed.


To do this, they focused on two threat actors known for various zero-day exploits:


Volodya, AKA BuggiCorp
PlayBit, AKA luxor2008

By examining each actor's exploits, the researchers were able to fingerprint characteristics specific to each of them. They then searched for those characteristics in other exploits; wherever similar traits were found, it indicated that the same author was behind them. Explaining the story behind the research, they stated in their report that:
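The principle described above, reduced to code, as an added example that is not Check Point's tooling or part of the original article: artifacts (debug strings, helper names, constants) are collected from samples already attributed to a developer, only those that recur within one developer's work and never appear in another's are kept as that developer's fingerprint, and unknown samples are then scored against each fingerprint. All sample artifacts below are constructed for the example and are not real indicators; the real research used far richer features and manual analysis.

```python
"""Attribute exploit samples to a developer by shared code artifacts.

Illustration only: the artifact sets below are constructed for this
example and are not real indicators of compromise.
"""
from __future__ import annotations

from collections import Counter
from typing import Dict, FrozenSet, Iterable, Mapping, Optional, Tuple

# Constructed artifact sets, per developer and per sample, as a strings or
# disassembly pass over each binary might yield them.
KNOWN_SAMPLES: Dict[str, Dict[str, FrozenSet[str]]] = {
    "developer_A": {
        "sample_a1": frozenset({"[+] got token", "[-] leak failed", "SpawnShell",
                                "0x41414141", "LoadLibraryA"}),
        "sample_a2": frozenset({"[+] got token", "[-] leak failed", "SpawnShell",
                                "0x1000", "VirtualAlloc"}),
    },
    "developer_B": {
        "sample_b1": frozenset({"status: ok", "status: fail", "run_payload",
                                "0x41414141", "LoadLibraryA"}),
        "sample_b2": frozenset({"status: ok", "run_payload", "heap_groom",
                                "VirtualAlloc"}),
    },
}


def build_fingerprints(known: Mapping[str, Mapping[str, FrozenSet[str]]],
                       min_support: int = 2) -> Dict[str, FrozenSet[str]]:
    """Return, per developer, the artifacts seen in at least min_support of
    their samples and in no sample attributed to anyone else.

    Common API names and constants shared across developers drop out
    automatically, so only developer-specific habits remain.
    """
    # Count, per developer, how many of their samples contain each artifact.
    per_dev: Dict[str, Counter] = {}
    for dev, samples in known.items():
        per_dev[dev] = Counter()
        for artifacts in samples.values():
            per_dev[dev].update(artifacts)

    fingerprints: Dict[str, FrozenSet[str]] = {}
    for dev, counts in per_dev.items():
        # Everything any other developer has ever used is not distinctive.
        others = set().union(*(c.keys() for d, c in per_dev.items() if d != dev))
        fingerprints[dev] = frozenset(
            a for a, n in counts.items() if n >= min_support and a not in others
        )
    return fingerprints


def attribute(artifacts: Iterable[str],
              fingerprints: Mapping[str, FrozenSet[str]],
              threshold: float = 0.5) -> Tuple[Optional[str], float, FrozenSet[str]]:
    """Score an unknown sample against each fingerprint.

    Returns (developer, score, matched_artifacts); developer is None when the
    best score falls below threshold, so the evidence can still be inspected.
    """
    sample = frozenset(artifacts)
    best: Tuple[Optional[str], float, FrozenSet[str]] = (None, 0.0, frozenset())
    for dev, fp in fingerprints.items():
        if not fp:
            continue
        hits = sample & fp
        score = len(hits) / len(fp)  # fraction of the fingerprint present
        if score > best[1]:
            best = (dev, score, hits)
    if best[1] < threshold:
        return (None, best[1], best[2])
    return best


if __name__ == "__main__":
    fps = build_fingerprints(KNOWN_SAMPLES)
    for dev, fp in fps.items():
        print(f"{dev}: {sorted(fp)}")
    # Constructed unknown sample sharing two of developer_A's habits.
    unknown = {"[+] got token", "SpawnShell", "0x7ffe0300", "NtQuerySystemInformation"}
    print(attribute(unknown, fps))
```

The threshold and the fraction-of-fingerprint score are deliberately simple; in practice an analyst would weight rare artifacts more heavily and treat any match as a lead to confirm, not as proof of authorship.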



When analyzing a complicated attack against one of our customers, we noticed a very small 64-bit executable that was executed by the malware. The sample contained unusual debug strings that pointed at an attempt to exploit a vulnerability on the vi ..
