New Mercenary APT Group Targeted Autodesk Software

Security researchers have uncovered yet another hacker-for-hire group armed with APT-style capabilities, which has targeted at least one high-value victim in the real estate sector.

Bitdefender revealed details of the unnamed group in a new report out today: More Evidence of APT Hackers-for-Hire Used for Industrial Espionage.

It discovered a relatively sophisticated info-stealing campaign targeting a wealthy architectural and video production company engaged in billion-dollar luxury real-estate projects in New York, London, Australia and Oman.

To carry out its industrial espionage goals, the group utilized C&C infrastructure in South Korea and a zero-day malicious payload designed to exploit vulnerable Autodesk 3ds Max software used by the victim organization for 3D modelling.

This enabled them to gain a foothold on victim machines and deploy additional malicious tools, said Bitdefender.

The group’s information-stealing capabilities include screen capture and the collection of username, computer name, the IP addresses of network adapters, Windows product name, .NET Framework version, information about the processors, total and free RAM, storage details, the listing of files set to start automatically when Windows starts up, process listing and recent files.

Bitdefender said it has no evidence of any other victims at this stage, although the C&C infrastructure is still active.

The discovery of the hackers-for-hire group comes after recent revelations about the existence of similar mercenary outfits including Deceptikons and Dark Basin, as well as StrongPity, which was linked to the Turkish military.

“This is beginning to be a new trend that we're likely to see more of in the future,” warned Bitdefender global cybersecurity researcher Liviu Arsene.

“As cyber-criminal groups are becoming more sophisticated and act more like mercenaries, it’s likely they will continue making their services available to the highest bidders. This new APT-as-a-service business model seems to be the next evolutionary step in sophisticated attacks.”
