A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectual property. The gang, which Symantec calls Morpho, is not state-sponsored, rather financially motivated. It has attacked multi-billion dollar companies operating in the internet, IT software, pharmaceutical and commodities sectors. Twitter, Facebook, Apple and Microsoft are among the companies who have publicly acknowledged attacks.
Morpho is technically proficient and well-resourced. The group has developed a suite of custom malware tools capable of attacking both Windows and Apple computers, and appears to have used at least one zero-day vulnerability in its attacks. It keeps a low profile and maintains good operational security. After successfully compromising a target organization, it will clean up after itself before moving on to its next target.
This group operates at a much higher level than the average cybercrime gang. It is not interested in stealing credit card details or customer databases and is instead focused on high-level corporate information. Morpho may be selling this information to the highest bidder or may be operating as hackers for hire. Stolen information could also be used for insider trading purposes.
For detailed technical analysis and indicators of compromise, please read our whitepaper: Morpho – Corporate spies out for financial gain