Newly Discovered APT: How many more lay in wait?



Troy Gill

While reading this morning about a recently discovered APT dubbed “Machete”, uncovered by the team over at Kaspersky Labs, I was immediately reminded of a recent briefing I attended at Blackhat USA. The talk was given by Mikko Hypponen, and in it Hypponen discussed how the cyber-weapon capabilities of nation states are murky at best, especially in contrast to the very public nature of more traditional weapons such as nuclear warheads, naval vessels, etc. This is never more evident than when a new piece of APT malware seemingly being used for cyber-espionage, such as ‘Machete’, is made public.

This is a great example of the current state of cyber-espionage. The perpetrator of this attack may not currently be known, but given the targets it is not unreasonable to assume that it was initiated by a nation state or by some group acting on one’s behalf. “Machete” is interesting in both design and longevity (it apparently existed undetected since 2010). It has a wide array of data-gathering capabilities. It also appears both to have been designed by native Spanish speakers and to be aimed at targets whose native language is Spanish.

It is worth noting that despite the somewhat unique methods and capabilities displayed in Machete, those spreading the infection are still relying on traditional infection vectors such as spearphishing emails and infected web pages. Of course, it can be difficult for entities to protect themselves against attacks of this nature when it is so unclear exactly what they are trying to protect themselves from. One thing is for sure: there is no single solution. That is why it is always advisable to employ a comprehensive layered security approach covering everything from email and web filtering to IPS and IDS.

This newly discovered APT (Machete) is likely just the tip of the iceberg when it comes to the scope of this activity on a global scale. Just as Hypponen discussed at Blackhat, we simply don’t know what types of cyber-weapons (like this one) each nation is capable of deploying or currently has in place, which is what makes this situation so alarming.