State-sponsored hacking attempts frequently rely on specially written software, but that’s a risky move. Unless it’s well-made, custom code can be a giveaway as to who’s responsible. Attackers are switching things up, however. Security researchers at CrowdStrike and Cymmetria have discovered that a likely cyberwarfare campaign against military-related targets in Europe and Israel used commercial security software both to cover its tracks and to improve its capabilities.
A previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said. The attack program relied on software usually sold by Boston-based Core Security to companies and other customers that want to test their own defenses, said researchers coordinated by Israel’s independent Computer Emergency Response Team, or CERT. The researchers from CrowdStrike and startup Cymmetria will present their unusual findings at the annual Chaos Communication Congress security conference in Hamburg on Saturday. Criminal hackers have made use of penetration-testing tools such as Metasploit for years, other experts said, but most major government-sponsored hacks have used specially written tools supplemented by free and widely available programs. That is in part because commercial programs could be traced back to specific customers.