BY OLIVIA BEAVERS – 10/10/18 09:00 AM EDT
A new cyber group appears to have been targeting government and military organizations this past year as part of an espionage campaign, a security firm said on Wednesday.
Symantec researchers say they have discovered a new cyber group that they’ve dubbed “Gallmaker,” which has carried out highly targeted attacks against targets such as overseas embassies in an Eastern European country as well as military and defense targets in the Middle East.
Symantec says that the group is likely state-sponsored.
“Gallmaker’s activity appears to be highly targeted, with its victims all related to government, military, or defense sectors,” a Symantec blog post reads, noting that the attacks are “unlikely to be random or accidental.”
“Gallmaker’s activity points strongly to it being a cyber espionage campaign, likely carried out by a state-sponsored group,” it continues.
Researchers at Symantec, who first detected Gallmaker’s activities in December 2017, said the most recent Gallmaker activity they’ve observed was in June 2018.
The company says Gallmaker’s attacks are difficult to observe because it uses “‘living off the land’ tactics and publicly available hack tools, [making] its activities extremely hard to detect.”
Symantec said its researchers have observed hackers increasingly using living off the land tactics because they help hide cyber operations from detection.
“One of the primary reasons for the increased popularity of these kinds of tools is to avoid detection; attackers are hoping to ‘hide in plain sight’, with their malicious activity hidden in a sea of legitimate processes,” the blog post says.
Symantec said its Targeted Attack Analytics technology, which uses advanced artificial intelligence and machine learning to detect cyber incidents, helped its team of experts detect Gallmaker.