The BlackBerry Research and Intelligence Team has released a new report that examines how five related advanced persistent threat (APT) groups have systematically targeted Linux servers, Windows systems, and mobile devices while remaining undetected for nearly a decade.
The report, titled "Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android," provides further insight into pervasive economic espionage operations targeting intellectual property.
Other key findings in the report include:
• The APT groups examined in this report are likely comprised of civilian contractors who readily share tools, techniques, infrastructure, and targeting information with one another and their government counterparts
• The report examines several new variants of well-known malware that are getting by network defenders through the use of code-signing certificates for adware, a tactic that the attackers hope will increase infection rates as AV red flags are dismissed as just another blip in a constant stream of adware alerts
• A shift by attackers towards the use of cloud service providers for command-and-control (C2) and data exfiltration communications that appear to be trusted network traffic
The report comes on the heels of the US Department of Justice announcing several high-profile indictments from over 1,000 open FBI investigations.