Even though many countries have units within their law enforcement agencies that specialize in cyber-attacks and in capturing the criminals who carry them out, it is striking how many of these attacks still go unpunished.
For instance, one such attack targeted SONY in 2014 and resulted in the release of extremely sensitive, potentially damaging information: personal data on customers as well as details of the company's future plans and projects.
Over the course of several investigations, however, sources and data were pooled and a pattern emerged: SONY was in fact not the sole target, according to Jaime Blasco, vice president and chief scientist of ALIEN VAULT. Blasco further explained that the attacks are focused on intelligence gathering and only occasionally on wiping the data from the disk drives themselves. This elaborate investigation took nearly two years to complete and was worked on from different angles by multiple security firms.
The US government at one point even stated that it believed many of these attacks originated from NORTH KOREA.
But as the industry changes, so do these hacker groups. In the early days, many groups would go into hiding the moment they suspected they had been discovered or outed, shutting down any infrastructure connected to them and their activities. The new breed of attacker stays public and continues to operate after being discovered. One of the best-known Korean hacking groups, for instance, is “DARKHOTEL”. They are known for breaking into the wireless networks of executive and luxury hotels in order to collect information on guests and employees, who are sometimes important political figures and corporate executives.
DARKHOTEL does not seem to rely on advanced infrastructure, or at least does not appear to have any. Instead, the group is extremely efficient in its attacks, using highly advanced tactics and attack patterns that let it break through even the toughest cyber defenses.
Another important group, the EQUATION GROUP, went dark for nearly a year, which suggests that this trend of hacker groups relying less on infrastructure and more on the skill of their operators is relatively new. The EQUATION GROUP is suspected of having ties to both STUXNET and FLAME, and some even suspect ties to the US government. The group employs advanced tools and specialized techniques that allow it to compromise air-gapped computers and even reprogram the firmware of certain hard drives, so that the malware it delivers cannot be removed or even detected.
Interestingly, even in this part of our industry, where there are no countries but only cyberspace, people react differently depending on their culture. The Far Eastern hacking groups do not appear to care very much about being discovered and tracked, while the same cannot be said of their Western counterparts.
There are, however, individual groups that drift away from these trends. The group behind the attack on the US Office of Personnel Management, for example, responded to exposure by doing nothing more than changing its MO and becoming harder to track; even so, that group operated on a completely different level from many of the Chinese groups active today.