Windows Security

Mysterious Hacker Has Been Selling Windows 0-Days To APT Groups For Three Years (zdnet.com) 71

For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. From a report: The hacker's activity reinforces recent assessments that some government-backed cyber-espionage groups -- also known as APTs (advanced persistent threats) -- will regularly buy zero-day exploits from third-party entities, besides developing their own in-house tools. APT groups believed to be operating out of Russia and the Middle East have often been spotted using zero-days developed by real-world companies that act as sellers of surveillance software and exploit brokers for government agencies. However, Kaspersky's recent revelations show that APT groups won't shy away from dipping their toes in the underground hacking scene to acquire exploits initially developed by lone hackers for cyber-crime groups, if ever necessary.
  • by fat man's underwear ( 5713342 ) <tardeaulardeau@protonmail.com> on Wednesday May 01, 2019 @10:04AM (#58521986)

    the free market will fix this through competition or something

  • At least he's not selling them to APK.

  • by Anonymous Coward

    There is nothing illegal about finding vulnerabilities and reporting them. What is actually done with those zero days may be illegal, but it is none of this person's concern.

    Even if profit is a motive, this person should be able to go about their business with no fear of retribution. If Microsoft wants these zero days reported to them, then they can offer higher bounties.

    • Aiding and abetting is illegal.

      But as long as you only supply weapons to US allied governments to hack people it's highly unlikely to cause you any trouble, even when used to commit crimes against US citizens.

      Victims won't have the means to identify you and the three letter agencies won't have the desire.

  • Point being ... (Score:5, Insightful)

    by CaptainDork ( 3678879 ) on Wednesday May 01, 2019 @10:31AM (#58522160)

    ... there's a lot of fucking zero days in Windows.

    • Kinda makes you wonder if there isn't someone inside MS slipping these in to support an illicit market.

      • by rtb61 ( 674572 )

        There will be people in tech companies, there will be people in the espionage agencies, there will be people in the security companies, all who want more and simply sell it where they can, to get it. Probably the source of the worst leaks, the various espionage agencies, they already carry out criminal activities in other countries, have awareness of the contacts and know the methods to transfer funds and so, they do exactly what they have been trained to do. What that pompous Pompeo arsehole bragged about,

    • by Tom ( 822 )

      My thought as well. Sadly, the article doesn't include numbers, but by the wording he's sold quite a few of those 0-days. And he's not the only person doing it.

      Main message: Windows is still so full of holes, it could have a brilliant secondary career as a swiss cheese.

  • More QA (Score:2, Interesting)

    M$ really needs to create a QA department and stop using users as alpha testers.
  • by PPH ( 736903 ) on Wednesday May 01, 2019 @10:48AM (#58522268)

    It's a shame that we don't have an outfit like this available to us to identify and track down such security problems.

  • Build vs buy (Score:2, Insightful)

    by Anonymous Coward

    All organizations, even criminal ones, have to make decisions about whether it's more cost effective to buy or build the inputs to their process.

  • by Anonymous Coward
    This is what happens when a trillion dollar company doesn't pay out big bug bounties. The most they pay out is about 30 grand. The open market pays more, 4-5 times more.
  • by Anonymous Coward

    Advanced nation states are suspected of selling exploits to other nation states through middle-men. By doing so, they can then see who tries to use the exploit, and who they use it against. It's a good way to keep tabs on other countries security services. They are usually network-based exploits so use of them can be tracked by anyone with network-sniffing ability on the internet.

  • This guy (just one guy?) who's selling these zero day alerts to everyone in the world -- is he just really really smart to discover all of these, or is this perhaps someone at Redmond with a side business?

  • by Anonymous Coward

    "some government-backed cyber-espionage groups -- also known as APTs (advanced persistent threats)"

    An APT is not the group that delivered the malware. The APT is the suite of malware that lingers in a network and slowly escalates and exfiltrates information over time to make it appear that nothing is wrong. The names for people that create APT's are usually associated with some government state somewhere.

    • by AHuxley ( 892839 )
      AC the problem is the P in APT. Governments want their code to stay active in an interesting persons computer no matter what an average computer users attempts to do.
      They can run consumer AV all day on the OS level, update, make OS changes. The gov/mil code stays hidden and active.
      The "persistent" part is what gov/mil crave and pay for.
  • The other APTs. (Score:4, Interesting)

    by HeckRuler ( 1369601 ) on Wednesday May 01, 2019 @03:33PM (#58523868)

    "APT groups believed to be operating out of Russia and the Middle East".... and Maryland. Does anyone think the NSA and CIA aren't Advanced or Persistent? Surely everyone thinks they're a threat to SOMEONE out there. If they're not, they're not really doing their job. Does anyone think they WOULDN'T buy this sort of knowledge?

  • Good to hear that MS has found more ways to monetize Windows 10 should global privacy laws harm their primary revenue stream.