According to one security company, there are many groups hackers which are very dangerous and we ignore them. Often when we hear of major attacks on multinationals in the Europe and America, our mind goes to well-known hackers, such as China's APT10 team. However, this is not always the case. Context researchers have identified an unknown group, which they named Avivore.
According to researchers, this group is enough "Smart" to cover its tracks effectively. The company believes the team attacks 2015. However, most of them attacks have been noticed in the last year.
The hacking team used Airbus partners such as Rolls-Royce and Expleo to influence the airline.
This reflects her strategy used by Avivore. Hackers are using it 'Island hopping' technique. According to this technique, hackers target a large company indirectly, through its weaker and less protected partners. However, they choose key partners rather than companies that could be easily replaced.
This technique makes it very difficult to deal with attacks.
Avivore hackers were presented as legitimate users to invade networks of suppliers. They mainly used VPNs and other tools for remote access. Hackers could thus bypass them systems security of the largest target company and at the same time cover their tracks.
Researchers believe the group aims at intellectual property of its victims. Its goal is not only for airlines, but also for military equipment companies, automakers, energy industries and many more.
The attacks on these entities did a lot researchers connect them to the APT10 and JSSD groups. However, AVIVORE uses different tools and different tactics.
"There are definitely similarities between the types of industries and technologies they target, and it would be reasonable to assume that these groups have the same motivations," said the Context researcher, "but we can not say for sure."
Whoever is behind the attacks, the only sure thing is that companies need to take more security measures and take care of the safety of their key suppliers and partners.