Advanced Persistent Threats (APTs) have become ever more prevalent in recent months, alongside increasingly frequent attacks against organizations, companies and corporations. APT actors are thought to be experts at taking advantage of known, unknown and zero-day vulnerabilities, and their expertise is assumed to lie in independently writing original malware to exploit those vulnerabilities.
However, a security researcher named Gabor Szappanos at the security research firm SophosLabs took it upon himself to study these APT actors. He took a long, hard look at their ability to develop original, working exploits for known vulnerabilities, having a strong suspicion about how APT attacks were actually being built and deployed. The malware developers behind these attacks are usually assumed to be geniuses at developing and deploying exploits for vulnerabilities such as zero-days.
Gabor wanted to test how skilled these actors really are at immediately writing and adapting exploits. There are, of course, hundreds of known vulnerabilities in Microsoft Office applications. His research examined seventy previously developed malware samples that exploited memory-corruption vulnerabilities in Microsoft Office. Gabor stated that “We found that the malware groups have a limited understanding of, or ability to modify with success, the initial exploit.”
Based on this limited study, Gabor now thinks that APT actors are less technical than everyone had previously thought. They are not the geniuses many of us believe them to be; their exploit skills are below what is normally expected. This is why many APT actors do not disclose their knowledge of exploit development: they are simply reusing known exploit code that is loaded and distributed in the penetration testing framework popularly known as Metasploit.
Metasploit is a well-known tool for developing and executing exploit code against remote target machines. It draws on resources such as its Opcode Database, shellcode and other related code from security research to exploit known and unknown vulnerabilities when testing enterprise network systems. However, it is also known to be used maliciously by bad actors.