Computer security firm FireEye recently revealed to Business Insider that what has looked like random hacking attacks against Adobe, Microsoft, and other U.S. Companies is actually far more coordinated and connected than previous thought.
If that weren’t disturbing enough, FireEye released a report last week detailing how a recent string of eleven hacking attacks, which FireEye has dubbed Sunshop, actually share the same base tools, suggesting that a common Chinese cyber arms dealer is distributing the malware to individual hacking teams.
Here’s how FireEye thinks the hacking supply chain works:
FireEye found that the attacks shared the same tools, elements of code, digital certificates, and identical timestamps. While that might lead many to assume that all of the attacks were engineered by a single hacking team (and FireEye admits this is a possibility), because of the seeming lack of consistent objective across attacks and the wide timeframe in which the attacks occurred, FireEye concluded that it is more likely that a single “digital quartermaster” is creating the tools and then distributing them.
In the diagram below, you can see how each of the 11 attacks are connected. The yellow circles are the attacks, while the diamonds indicate the different shared properties:
Leo Mirani at Quartz explains why FireEye’s findings could have huge implications for cybersecurity:
It seems a minor discovery—after all, somebody has to build the tools with which to compromise networks. But the implications are enormous. The supplier provides attackers with a “builder tool” that allows them to easily make the weapons they need without advanced coding skills. Indeed, the builder comes as a graphical user interface, which is to programming what Windows was to DOS. Attackers would still need a degree of technical sophistication to know how to use the tools. But just as it is easier to learn how to use a computer program to write your own, it is easier to configure a pre-existing tool than to start from scratch.
If hacker arms dealers are selling easy-to-use malware bundles to the highest bidders, cyberwarfare could get a whole lot uglier.