Cylance Discovers New Middle Eastern APT Actor: The White Company

Cylance Inc., the leading provider of AI-driven, prevention-first security solutions, today released the first in a series of research reports that explores the identification and tracking of a new—and likely state-sponsored—threat actor whose profile does not match any of the established advanced persistent threat (APT) groups.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20181112005214/en/

Cylance takes you inside a new threat actor's espionage campaign (Graphic: Business Wire)

The preliminary findings detail one of the group’s recent campaigns, a year-long espionage effort directed at the Pakistani Air Force. Cylance calls the campaign Operation Shaheen and the organization The White Company—in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution.

The Pakistani Air Force is not just an integral part of the country’s national security establishment—including its nuclear weapons program—but it is also the newly announced home of the country’s National Centre for Cyber Security. A successful espionage operation against such a target could yield significant tactical and strategic insight to a range of foreign powers.

Cylance researchers uncovered evidence indicating The White Company possesses considerable resources that support the likelihood that the organization is part of a state-sponsored group:

  • Access to zero-day exploit developers and (potentially) zero-day exploits
  • A complex, automated exploit build system
  • The ability to modify, refine, and evolve exploits to meet mission-specific needs
  • The capacity for advanced reconnaissance of targets

The Cylance threat intelligence team analyzed a large portion of The White Company’s exploit kit, which in this case involved a painstaking examination of the machine-language instructions embedded in a sample of roughly 30 exploits. Genetic marking and mapping of 42 unique features allowed researchers to track the development, modification, and evolution of the exploit kit over time, allowing Cylance to link The White Company to other previously unidentified or misattributed campaigns.

The White Company is the first threat actor Cylance has encountered that targets and effectively evades multiple antivirus products—including Sophos, ESET, Kaspersky, BitDefender, Avira, Avast, and Quick Heal—before turning them against their owners by deliberately surrendering to them on specific dates in order to distract, delay, and divert resources.

Antivirus evasions are just one of a number of measures employed by The White Company to escape attribution. Other methods include:

  • Within the exploit: Four different ways to check whether the malware was on an analyst’s or investigator’s system; the capacity to clean up Word and launch a decoy document to reduce suspicion; and the ability to delete itself entirely from the target system
  • Within the malware: Five different packing techniques that housed the ultimate payload in a series of nesting-doll layers; additional ways to check whether the malware was on an analyst’s or investigator’s system; anonymous, open-source payloads and obfuscation techniques; the use of compromised network infrastructure for command and control

Future reports in the series will delve deeply into the malware and infrastructure associated with these and other White Company campaigns while sharing sophisticated analysis of the underlying technical data.

The full report can be downloaded here.

About Cylance® Inc.

Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. Cylance provides full spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, Cylance protects the endpoint without increasing staff workload or costs. We call it the Science of Safe. Learn more at www.cylance.com.
