
Map Shows All the Code Connections Between Russia's Hacker Groups

By Wired

September 25, 2019



Israeli cybersecurity firms Check Point and Intezer have charted Russian hackers' toolkits based on a wide-ranging analysis of 2,500 malware samples.

Intezer's automated tools sifted through samples for matches or similarities, weeding out false positives and revealing clusters that probably represent independent hacker groups.

The biggest clusters of linked nodes show tightly interconnected tools used by established groups, and the map also reveals surprising code links between hacking teams; for example, BlackEnergy malware and the malware of a team called Cozy Bear shared code that originated from a credential-stealing tool called LdPinch.

Check Point's Yaniv Balmas said the relative absence of links between certain clusters of hackers' code suggests several Russian groups are building complete toolkits independently.

Said Balmas, "That shows the huge amount of resources that Russia is willing to put into cyber offense."


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
