A new malware named GZipDe that is a downloader used by hackers in a cyber-espionage campaign was discovered by researchers at AlienVault. IT security experts commented below.
Sean Newman, Director of Product Management at Corero Network Security:
“It’s interesting to see a new downloader malware instance being discovered after a sample of it was uploaded to VirusTotal for inspection. In the past, this has been a tactic used by hackers to check that their code is not detected by any current AV vendors, so it would be interesting to know if that was the case in this instance. Either way, the multi-stage attack it forms part of is pretty standard operation for today’s targeted attacks looking to steal data which may be valuable on the dark web.”
.
.
Andy Norton, Director of Threat Intelligence at Lastline:
“Clearly sophisticated actors are taking it to the next level. The majority of incident response prioritisation is based on severity of risk from an attacker. If you take the ability to discern from from threat to the next you erode the effectiveness of the security posture, it is a known and exploited logic flaw in adversary based defence. Being able to prioritise alerts based on the behavioural capacity of the threat, not the perceived actor is now becoming the new norm for incident response.”
