Advanced hackers are infecting IT providers in hopes of hitting their customers
A previously undocumented attack group with advanced hacking skills has compromised 11 IT service providers, most likely with the end goal of gaining access to their customers' networks, researchers from security firm Symantec said on Wednesday.
The group, dubbed Tortoiseshell, has been active since at least July 2018 and has struck as recently as July of this year, researchers with the Symantec Attack Investigation Team said in a post. In a testament to Tortoiseshell's skill, the new group used both custom and off-the-shelf hacking tools. At least two of the 11 compromises successfully gained domain admin-level access to the IT providers' networks, a feat that gave the group control over all connected machines.
Tortoiseshell's planning and implementation of the attacks were also notable. By definition, a supply chain attack is hacking that compromises trusted software, hardware, or services used by targets of interest. These types of attacks require more coordination and work. Taken together, the elements suggest that Tortoiseshell is likely a skilled group.