Italian cybersecurity firm Hacking Team recently suffered an attack in which serious security flaws were exposed.
Now it is believed that hackers linked to China used those security exploits to attack companies in the aerospace and defense, energy, telecommunications and healthcare sectors, writes James Griffiths for The South China Morning Post.
Hacking Team stockpiled security flaws
The hackers allegedly used tools stolen from Hacking Team, which sells surveillance software to authorities around the world. The company lost 400 GB of data related to its core business of cyber security.
By maintaining a collection of flaws without informing the developers of affected programs, Hacking Team was vulnerable to an attack which would release knowledge of the security exploits to the wider hacking community.
In 2012 Reporters Without Borders called Hacking Team an “enemy of the internet” for selling surveillance tools to governments accused of human rights abuses. After it was hacked, many cybersecurity experts questioned why the company had not informed developers about the flaws.
The company stockpiled various so-called zero-day flaws, which had never been detected even by program developers. Their publication meant that hackers could use them to attack other targets.
Exploits used by hackers before developers could react
Security firm FireEye reports that it has noticed two Chinese hacking groups using Adobe Flash Player exploits.
“Zero-day exploits are extremely valuable to attack groups,” Bryce Boland, FireEye’s chief technology officer for Asia Pacific, told the South China Morning Post. “When we discover attackers using unknown exploits, we work with technology vendors to get them addressed quickly.”
He criticized the practice of stockpiling security flaws, saying that it “introduces a new risk that the exploits could be stolen and used by others.”
The hacking groups were able to carry out their attacks before Adobe issued a patch to fix the security flaw, which Hacking Team chief executive David Vincenzetti admitted to Italy’s La Stampa newspaper could be used by “terrorists [and] extortionists.”
“Sufficient code was released to permit anyone to deploy the software against any target of their choice,” he said.
Although patches are expected to be released, there is no guarantee that everyone will download the updated versions. Users who continue to use older versions of software will still be at risk.