A recent FireEye report entitled Supply Chain Analysis: From Quartermaster to Sunshop [PDF] suggests that seemingly unrelated cyber attacks may be connected via a shared development and logistics infrastructure.
"Our research points to centralized planning and development by one or more advanced persistent threat (APT) actors," FireEye manager of threat intelligence Darien Kindlund said in a statement. "Malware clearly remains a desired cyber weapon of choice. Streamlining development makes financial sense for attackers, so the findings may imply a bigger trend towards industrialization that achieves an economy of scale."
In looking at 11 APT campaigns targeting a variety of industries, the researchers found unexpected links between the campaigns, including the same malware tools, the same elements of code, binaries with the same timestamps, and signed binaries with the same digital certificates.
"Examining the 11 APT campaigns revealed a shared development and logistics operation used to support several APT actors in distinct but overlapping campaigns," the report states. "This development and logistics operation is best described as a 'digital quartermaster.' Its mission: supply and maintain malware tools and weapons to support cyber espionage. This digital quartermaster also might be a cyber arms dealer of sorts, a common supplier of tools used to conduct attacks and establish footholds in targeted systems."
"Like traditional conflict, cyber warfare will continually evolve and change through innovation," FireEye CEO David DeWalt said in a statement. "Not surprisingly, attackers are adopting an industrialized approach. The best hope for those playing defense is a community-based approach that not only monitors advances in cyber attacks, but also propagates information to help mitigate the new threats."
The full report is available here [PDF].