When someone says they were hacked by an “advanced persistent threat” (APT)—parlance often used for allegedly government-backed hackers—you might imagine some well-organized, secret hacking unit that only uses the most sophisticated and specially crafted tools.

However, some of the most popular pieces of malware used by so-called APTs—to target everything from oil companies to dissident organizations—are littered with their own security vulnerabilities, according to new research to be presented this week in Las Vegas. The research may also have implications for the debate around hacking-back, the practice of victims retaliating against hackers in order to minimize the damage or learn more about the attackers.

Some of the tools are “very, very poorly written,” Waylon Grange, a researcher from cybersecurity firm Symantec who analyzed the malware, told Motherboard in a phone call.

Grange simply picked a selection of popular tools that repeatedly came up in APT reports, and then poked around for vulnerabilities. For example, hackers have used a piece of Windows malware called Gh0st RAT to target Tibetan activists and South Korean organizations. Gh0st RAT can switch on a victim machine’s camera, steal data, and much more.
Hackers’ Own Tools Are Full of Vulnerabilities