Research by security firm Symantec has shown that the Elderwood platform is a more widespread threat than previously believed.
The zero-day exploit toolkit first surfaced in 2012, but 2014 has seen its adoption by a larger array of hackers, with three zero-day vulnerabilities detected in one month alone.
Symantec said in a blog post that it initially believed Elderwood was used by just one group, but newer findings suggest it is either the work of a major hacking organisation, which has developed it for numerous in-house attack teams, or it is being sold to a wider range of outside groups.
Article continues below
Elderwood has been used to attack important sectors like defence, manufacturing, IT, and human rights.
There have been some recurring trends, such as the use of Internet Explorer and Flash, and the attacks can also be reverse-engineered by other groups to produce new ones.
Part of the threat of the Elderwood toolkit is that it is user-friendly, making it usable by even someone who is not technically proficient. It is this same approach that has made DDoS toolkits so popular, and so disruptive.
Symantec labelled Elderwood as a "serious threat," and that groups using it are well-resourced and highly motivated hackers.
Via Computer World