A recent report from Symantec has revealed that a group of cyber-scammers who were possibly behind the 2010 attack on Google's infrastructure are still operational and are now using more sophisticated tools.
"The group behind the Hydraq attacks is very much still active, with evidence indicating their involvement in a consistent and ongoing pattern of large-scale targeted attacks," according to Symantec. "Targeted sectors include, but are not limited to: the defence industry, human rights and non-governmental organisations (NGOs) and IT service providers," it added.
"These attackers are systematic and re-use components of an infrastructure we have termed the 'Elderwood platform,'" Symantec said. "The name 'Elderwood' comes from a source code variable used by the attackers. This attack platform enables them to quickly deploy zero-day exploits. Attacks are deployed through spear phishing emails and also, increasingly, through Web injections in watering hole attacks."
"Although there are other attackers utilising zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many," a blog post by Symantec security response concludes.