Recent news reports and press releases have announced that Microsoft, together with the company Novetta, has led a cybersecurity coalition of security vendors, security researchers and other major technology companies, including Cisco, FireEye, F-Secure, iSight Partners, Symantec, Tenable, ThreatConnect, ThreatTrack Security, Volexity, and anonymous researchers, in an operation named “Operation SMN.”
The Operation SMN group focused on a coordinated push of new malware detection, intrusion detection system (IDS) signatures, raw data and the operation of a fully disclosed knowledge management system, thereby sharing cybersecurity threat intelligence data across the vendors, companies and government organizations that made up the coalition. The Microsoft-led Operation SMN was a coordinated effort and is part of Microsoft’s new malware eradication program.
The threat actor that inspired the formation of the Operation SMN coalition of researchers arose from China’s advanced persistent threats against government agencies, businesses and organizations. However, more than one state-sponsored bad actor was involved in sourcing malware on a national basis. The other bad actors that were involved have been grouped into a single entity named Axiom.
Axiom’s malicious activities and motivations date back to 2009. The bad actors that make up Axiom have been involved in cyber espionage against the United States and its allies. Axiom actors have victimized pro-democracy and non-governmental organizations that are considered to be a potential threat to the Chinese State. So far, Axiom has been responsible for sourcing malicious code and malware such as Hikit, Ghost Rat, Darkmoon – Poison Ivy, Hydraq, Zishell, Deputy Dog, Derusbi, Mdmbot, Moudoor, Plugx, Sensode and a host of other classified and named malware threats that have recently been released in the wild and deployed through phishing campaigns as part of state-sponsored cyber espionage.
Microsoft’s new coalition campaign to eradicate malware, combined with its new Virus Information Alliance (VIA) Program, will be responsible for the ongoing collaboration and sharing of cybersecurity threat data, which will be classified, catalogued and eliminated by these improvement programs. As part of its malware eradication program, Microsoft has made available a Malicious Software Removal Tool (MSRT), which is currently available on the Microsoft site (http://www.microsoft.com/security/pc-security/malware-removal.aspx). The Malicious Software Removal Tool is effective in removing the named malware mentioned above, along with other named malware as vulnerability exploits are announced. It’s a tremendous effort put forth by Microsoft and its affiliates. Microsoft states that the cybersecurity industry will see more efforts of this kind from technology vendors and companies, aimed at making cyberspace more secure.
Novetta Report Reference