Accessibility links

'Morpho' Hackers Pose Corporate Security Threat

A previously unknown group of highly trained hackers presents a major new digital security risk for corporations, according to a report released today by the web security firm Symantec.

Symantec researchers tracked the group, dubbed “Morpho,” back to dozens of attacks against 49 separate organizations – almost exclusively corporations working in the financial, pharmaceutical, commodities and telecommunications fields, among others.

Firms based in the United States represented more than a third of all Morpho attacks, with those based in Europe and Canada coming in second and third, respectively. Fourteen other countries were also home to corporations targeted in Morpho attacks.

"The attackers focused on obtaining access to specific systems of interest in all of the compromised organizations," the researchers wrote in a white paper.

"In most organizations, these systems were email servers: either Microsoft Exchange or Lotus Domino servers. Once the attackers had this access, they presumably then eavesdropped on email conversations and may have been in a position to potentially insert fraudulent emails as well."

Report authors said there are "some indications that this group may be made up of native English speakers, are familiar with Western culture, and may operate from an Eastern Standard Time (EST) time zone."

The attackers are also believed to be small in number but highly capable, creating custom malware and using advanced exploits to infect corporate systems and steal data.

Corporate systems targeted

Unlike many recent high-profile attacks, which have involved governments as targets or as state sponsors, the Morpho attackers focused exclusively on corporate systems, even targeting security-minded megafirms such as Apple and Microsoft.

Given such valuable intellectual property targets, the attacks may be primarily tailored for monetary gain: selling off one firm’s data to a competitor, for example.

"A key difference between attacks coming from competitors and state-sponsored attackers is that competitors are likely in a better position to request the theft of specific information of value and make more rapid use of this information than government-sponsored attackers would," the report concludes.

Global uptick

Numerous Internet security analysts and professionals have previously told VOA that hacking attacks are, in fact, becoming more numerous globally. That’s due to a variety of factors, including the relatively low expense and ease of launching persistent attacks.

"We’re kind of living in what amounts to a digital wild west," said Patrick Eddington, a policy analyst at the libertarian-leaning Cato Institute. "This is something that folks are going to have to adapt to."

The entire white paper, "Morpho: Corporate spies out for financial gain," can be read here.

  • 16x9 Image

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.