Symantec Helps Uncover Cyber Espionage Activity Targeting Satellite, Telecom, Geospatial Imaging & Defense Companies in the U...
June 19 2018 - 4:00PM
Business Wire
Symantec’s AI-based Targeted Attack Analytics
spotted the malicious behavior hidden in legitimate IT
administration tools
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber
security company, today announced that Symantec’s artificial
intelligence-based Targeted Attack Analytics (TAA) technology
helped researchers expose a new attack campaign from a group called
Thrip, which has infiltrated satellite communications, telecoms,
geospatial imaging, and defense organizations in the United States
and Southeast Asia. TAA’s advanced AI technology was instrumental
in the discovery of the attack, alerting Symantec’s Attack
Investigations team to activity that on the surface appeared
innocuous but set them on the path to uncovering the latest
campaign conducted by the Thrip group. Symantec has been monitoring
Thrip since 2013, and has discovered new tools and techniques used
by the group in this most recent set of attacks.
TAA leverages AI and advanced machine learning to comb through
Symantec’s data lake of telemetry in order to spot patterns
associated with targeted attacks. This technology essentially
automates what previously took thousands of hours of analyst time
and is available in Symantec’s Advanced Threat Protection (ATP)
product. From an initial alert triggered by TAA in January 2018,
Symantec researchers were able to follow a trail that enabled them
to determine that the campaign originated from machines based in
mainland China. Using these techniques, TAA detected suspicious
behavior despite the group’s use of legitimate operating system
features and network administration tools in an attempt to evade
detection. TAA also uncovered the use of custom malware in these
attacks, as well as identifying the types of organizations
targeted. Cyber espionage is the group’s likely motive, but given
the group has revealed a strategy of compromising operational
systems, it could adopt a more aggressive, disruptive stance should
it choose to do so.
“This is likely espionage,” said Greg Clark, Symantec CEO. “The
Thrip group has been working since 2013 and their latest campaign
uses standard operating system tools, so targeted organizations
won’t notice their presence. They operate very quietly, blending in
to networks, and are only discovered using artificial intelligence
that can identify and flag their movements. Alarmingly, the group
seems keenly interested in telecom, satellite operators, and
defense companies. We stand ready to work with appropriate
authorities to address this serious threat.”
Symantec has sharpened its efforts on network-resident malware,
as the many vulnerabilities that are widely known in IoT devices
present a new attack surface of extreme interest.
Thrip’s attack on telecoms and satellite operators exposes the
possibility that the attackers could intercept or even alter
communications traffic from enterprises and consumers. This has
added to growing privacy concerns that have been very visible
lately with the deployment of the new GDPR regulations as well as
the VPNFilter attacks on Internet routers. Symantec has responded
by opening a new privacy center and data protection lab in order to
provide consumers with more control over their data, and
organizations with tools to help them responsibly manage the data
they handle. Symantec also offers a wide variety of privacy
solutions, such as Symantec VIP and Norton WiFi Privacy.
Symantec has been protecting customers from Thrip-related
activity since 2013. The following protections are in place to
protect customers against Thrip:
File-based protection
- Trojan.Rikamanu
- Infostealer.Catchamas
- Hacktool.Mimikatz
- Trojan.Mycicil
- Backdoor.Spedear
- Trojan.Syndicasec
Customers of Symantec’s DeepSight Intelligence Managed Adversary
and Threat Intelligence (MATI) service have received multiple
reports on “ATG14” (also known as Thrip), which detail methods of
detecting and thwarting activities of this adversary.
For more information, please visit the Symantec Threat
Intelligence blog.
About Symantec
Symantec Corporation (NASDAQ: SYMC), the world's leading cyber
security company, helps organizations, governments and people
secure their most important data wherever it lives. Organizations
across the world look to Symantec for strategic, integrated
solutions to defend against sophisticated attacks across endpoints,
cloud and infrastructure. Likewise, a global community of more than
50 million people and families rely on Symantec's Norton and
LifeLock product suites to protect their digital lives at home and
across their devices. Symantec operates one of the world's largest
civilian cyber intelligence networks, allowing it to see and
protect against the most advanced threats. For additional
information, please visit www.symantec.com or connect
with us on Facebook, Twitter, and LinkedIn.
View source version on businesswire.com: https://www.businesswire.com/news/home/20180619006286/en/
Symantec
Matt Nagel, 650-527-8000
matt_nagel@symantec.com