A hacking group best known for breaking into top-tier technology companies Apple, Facebook and Twitter more than two years ago is now believed to be one of a handful of highly skilled independent gangs pursuing corporate secrets for profit.
According to new research from the largest U.S. security software vendor, Symantec Corp, the group appears to be among the few that display significant talent without backing from a national government. The group stays below the radar with a small number of carefully targeted attacks.
“They are very focused, wanting everything valuable from the top companies of the world,” said Vikram Thakur, a Symantec senior manager. “The only way they could use it, in our opinion, is through some financial market or by selling it.”
Symantec said the group, which it calls Morpho, dropped out of sight for months after press accounts of the Silicon Valley breaches in early 2013 shone a light on its techniques, which included use of a previously unknown “zero-day” flaw in Oracle’s Java platform.
In a paper being released Wednesday, Symantec said Morpho came back from its absence to breach a small number of additional technology companies. It has also gone after the pharmaceutical industry and airlines, typically hitting multiple competitors in a sector and infecting very few machines, usually in the research departments.
Morpho has breached about 49 organizations that Symantec knows about since 2012, with the number penetrated each year rising to 14 by 2015. The United States, Europe and Canada have the most victims.