Cyber-bandits Compromise Three UAE Firms
Morpho group targets global firms for corporate secrets; victims include Facebook, Microsoft, Apple
A sophisticated cyber group that concentrates on stealing intellectual property from large enterprises has compromised “a string of major corporations” in recent years, including three organisations “located or headquartered” in the UAE, cyber-security company Symantec claimed today.
The group, named “Morpho” by Symantec researchers, is not interested in credit-card or bank theft, the company said, despite referring to the gang as “financially motivated”. Instead, Morpho focuses on the exfiltration of sensitive information that it can sell to corporate rivals.
Symantec said the gang is “technically proficient and well-resourced”, and is in possession of several zero-day exploits. It has also developed its own exploit kits, which work on both Windows and MacOS. The group is not thought to be state-sponsored, but Symantec speculated that its members could be hackers for hire.
Morpho’s victims, according to Symantec, include US giants Facebook, Microsoft, Apple and Twitter, as well as a number of banking, pharmaceutical and law firms. The targets were spread over several countries, including the US, Canada, the UAE, the UK, France, Finland, and Egypt.
Over the years that Symantec has been gathering information on Morpho, it has noted that the team always “tidies up” before moving on to its next target, and that the group has managed to maintain a low profile despite its more famous US victims announcing incursions publicly.
“In many attacks, the group has succeeded in compromising Microsoft Exchange or Lotus Domino email servers in order to intercept company emails, and possibly use them to send counterfeit [messages],” Symantec reported yesterday in a blog post titled, “Morpho: Profiting from high-level corporate attacks”.
“The group has also attacked enterprise content management systems, which would often be home to legal and policy documents, financial records, product descriptions and training documents.”
Another attack allowed Morpho to access a Physical Security Information Management (PSIM) system, used for controlling physical premises security systems, such as card access to doors. This level of access, Symantec said, could have given the attackers access to CCTV feeds.