
Communications of the ACM

ACM TechNews

Map Shows All the Code Connections Between Russia's Hacker Groups

A map of code-based connections in Russian hacker groups.

Two Israeli cybersecurity firms have charted Russian hackers' toolkits from an analysis of 2,500 malware samples.

Credit: Check Point Research/Intezer

Israeli cybersecurity firms Check Point and Intezer have charted Russian hackers' toolkits from wide-ranging analysis of 2,500 malware samples.

Intezer's automated tools compared the samples for shared or similar code, weeded out false positives, and revealed clusters that probably correspond to independent hacker groups.

The biggest clusters of linked nodes show tightly interconnected tools used by established groups, along with surprising code links between separate teams; for example, BlackEnergy malware and malware from the team known as Cozy Bear both contain code that originated in a credential-stealing tool called LdPinch.
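The two preceding paragraphs describe code-reuse clustering: fingerprint shared code between samples, discard library code that would otherwise link everything, cluster what remains, and then look at what is still shared across clusters. The following is an added illustration of that kind of analysis; it is not Intezer's or Check Point's tooling, and every sample name and fingerprint in it is constructed (hypothetical labels, not real hashes).

```python
"""Toy code-reuse clustering in the style the abstract describes.
Added illustration only, not Intezer's or Check Point's code; all data is constructed."""
from itertools import combinations

# Each string stands for a normalized function fingerprint ("gene").
# Constructed data: hypothetical labels, not real hashes or real samples.
SAMPLES = {
    "blackenergy_a": {"be_core1", "be_core2", "ldpinch_cred", "crt_memcpy", "crt_strlen"},
    "blackenergy_b": {"be_core1", "be_core3", "ldpinch_cred", "crt_memcpy", "crt_strlen"},
    "cozybear_x":    {"cb_loader", "cb_c2", "ldpinch_cred", "crt_memcpy", "crt_strlen"},
    "cozybear_y":    {"cb_loader", "cb_c2b", "crt_memcpy", "crt_strlen"},
    "unrelated_z":   {"ot_driver", "ot_rootkit", "crt_memcpy", "crt_strlen"},
}
# Fingerprints seen in a clean reference corpus (e.g. a C runtime); they appear in
# almost every binary and say nothing about authorship. Hypothetical labels.
KNOWN_LIBRARY = {"crt_memcpy", "crt_strlen"}


def strip_library(samples, known_library=KNOWN_LIBRARY, max_prevalence=0.8):
    """Drop genes that are known library code or that appear in at least
    max_prevalence of all samples (another sign of shared boilerplate)."""
    n = len(samples)
    counts = {}
    for genes in samples.values():
        for g in genes:
            counts[g] = counts.get(g, 0) + 1
    noise = set(known_library) | {g for g, c in counts.items() if c / n >= max_prevalence}
    return {name: genes - noise for name, genes in samples.items()}


def jaccard(a, b):
    """Overlap of two fingerprint sets; 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def link_graph(samples, threshold):
    """Edges (with similarity) between samples whose overlap reaches the threshold."""
    edges = {}
    for x, y in combinations(sorted(samples), 2):
        score = jaccard(samples[x], samples[y])
        if score >= threshold:
            edges[(x, y)] = score
    return edges


def clusters(samples, threshold):
    """Connected components of the link graph, as a sorted list of sorted lists."""
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for x, y in link_graph(samples, threshold):
        parent[find(x)] = find(y)
    groups = {}
    for name in samples:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


def cross_cluster_links(samples, groups):
    """Genes shared by samples sitting in different clusters: the kind of
    surprising link that survives clustering (here, one credential-stealing
    routine present in two otherwise separate toolkits)."""
    links = {}
    for i, j in combinations(range(len(groups)), 2):
        shared = set()
        for x in groups[i]:
            for y in groups[j]:
                shared |= samples[x] & samples[y]
        if shared:
            links[(i, j)] = shared
    return links


if __name__ == "__main__":
    print("raw:", clusters(SAMPLES, 0.25))        # library code links everything into one cluster
    cleaned = strip_library(SAMPLES)
    groups = clusters(cleaned, 0.25)
    print("cleaned:", groups)                     # one cluster per toolkit
    print("cross-cluster:", cross_cluster_links(cleaned, groups))
```

Run as-is, the raw pass collapses all five constructed samples into one cluster because the two runtime fingerprints alone push every pair over the similarity threshold; after `strip_library` the BlackEnergy-like and Cozy Bear-like samples fall into separate clusters, and the only fingerprint still bridging them is the constructed `ldpinch_cred` gene, which is the shape of the cross-team link the abstract reports.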

Check Point's Yaniv Balmas said the relative absence of links between certain clusters of hackers' code suggests several Russian groups are building complete toolkits independently.

Said Balmas, "That shows the huge amount of resources that Russia is willing to put into cyber offense."

From Wired


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

