Supply chain analysis: From Quartermaster to Sunshop
Many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure—a finding that suggests some targets are facing a more organized menace than they realize. This report examines 11 advanced persistent threat (APT) campaigns targeting a wide swath of industries.
Though they appeared unrelated at first, further investigation uncovered several key links between them: the same malware tools, the same elements of code, binaries with the same timestamps, and signed binaries with the same digital certificates. Taken together, these commonalities point to centralized APT planning and development.
This paper examines these 11 seemingly unrelated APT campaigns, which on further investigation reveal shared characteristics that suggest a common “supply-chain” infrastructure.
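The kind of linking described above (campaigns tied together by binaries with the same timestamps or the same signing certificates) can be sketched as a small clustering routine. This is an added example, not code or data from the report: the campaign labels, timestamps, certificate serials and the `link_campaigns` helper are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: one entry per binary, with the campaign it was
# observed in, its PE compile timestamp, and its signer certificate serial.
SAMPLES = [
    {"campaign": "campaign-1", "pe_timestamp": 1357000000, "cert_serial": "CONSTRUCTED-01"},
    {"campaign": "campaign-2", "pe_timestamp": 1357000000, "cert_serial": None},
    {"campaign": "campaign-3", "pe_timestamp": 1360000000, "cert_serial": "CONSTRUCTED-01"},
    {"campaign": "campaign-4", "pe_timestamp": 1370000000, "cert_serial": "CONSTRUCTED-02"},
    {"campaign": "campaign-5", "pe_timestamp": 1380000000, "cert_serial": None},
]
LINK_FIELDS = ("pe_timestamp", "cert_serial")

def link_campaigns(samples, fields=LINK_FIELDS):
    """Return (clusters, evidence): campaigns joined by any shared artifact value."""
    parent = {}

    def find(x):  # union-find root lookup with path halving
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    seen = defaultdict(set)  # (field, value) -> campaigns where it appeared
    for s in samples:
        find(s["campaign"])  # register campaigns that end up with no links
        for f in fields:
            v = s.get(f)
            if v is not None:  # unsigned binaries must not link to each other
                seen[(f, v)].add(s["campaign"])

    evidence = {}
    for key, camps in seen.items():
        if len(camps) > 1:  # artifact observed in more than one campaign
            first, *rest = sorted(camps)
            evidence[key] = [first, *rest]
            for c in rest:
                parent[find(c)] = find(first)

    clusters = defaultdict(set)
    for c in list(parent):
        clusters[find(c)].add(c)
    return sorted(sorted(c) for c in clusters.values()), evidence

if __name__ == "__main__":
    clusters, evidence = link_campaigns(SAMPLES)
    print(clusters)
    print(evidence)
```

The evidence map records which artifact joined which campaigns, so each link in a cluster can be reviewed on its own merits before it is treated as attribution.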