An advanced persistent threat has been linked to a group in Lebanon with political ties, according to speculation by the security firm Check Point.
Volatile Cedar, named for its alleged connection with Lebanon, is thought to have originated in 2012 and has since developed highly evasive strains of malware, making it hard for antivirus software to block.
It has also been noted for the choice of industries its targets, making it likely that it aligns with political interests as opposed to financial ones.
Yaniv Balmas and Irena Damsky, threat researchers at Check Point, said: "While many of the technical aspects of the threat are not considered ‘cutting edge’, the campaign has been continually and successfully operational throughout this entire timeline, evading detection by the majority of [antivirus] products.
"This success is due to a well-planned and carefully managed operation that constantly monitors its victims’ actions and rapidly responds to detection incidents."
Volatile Cedar’s chief weapon is said to be a trojan the group has named Explosive, which is also combined with vulnerability scanners, web user interfaces and public exploit code.
According to Check point the hackers start by targeting public web servers which are easy to hack and then move deeper inside and across the networks using manual hacking and an automated USB infection mechanism.
"The attackers select only a handful of targets to avoid unnecessary exposure," the researchers said.
"New and custom versions are developed, compiled and deployed specifically for certain targets, and ‘radio silence’ periods are configured and embedded specifically into each targeted implant."
