Yoroi: The naval industry in Italy has suffered a “timed” cyber attack. The goal was to get the victim to download malware called MartyMcFly through a malspam operation that exploited a real, compromised company
Someone launched a cyber attack against the naval industry in Italy, planning it 8 years earlier. Yoroi cyber security researchers discovered it by analyzing a sample from the attack, which was directed in particular at the hardware sector. It was a malspam operation meant to deceive the victim into receiving malware called MartyMcFly through a malicious email message: a Remote Access Tool (RAT) intended to control the victim’s system and exfiltrate data. The operation was created ad hoc. The sender was a real (compromised) metal company, and there were two attachments. In the first the company presented itself, while the second simulated an order for parts (an Excel document). MartyMcFly was inside them. Yoroi’s blog post, just put online, gives no certainty about the exact intended target, but it was at an industrial level.
The malware’s action was timed. The code was detected “in the wild” in 2010, but its activation took place only between the end of 2017 and 2018. We believe it is a cyber attack by APT actors. Cybercrime acts differently
Moreover, the malware used in the attack against the Italian shipbuilding industry has a unique feature: it was timed. The RAT was detected “in the wild” as early as 2010, although there are no certainties. But its activation was scheduled only for the end of 2017, and its behavior changed again in 2018. As a result, the cyber attack was planned. A priori which industry the actors wanted to hit. Attention is on APTs, the state-sponsored hackers of some hostile nation. The modus operandi of cybercrime is, in fact, traditionally different. It exploits the vulnerabilities of the moment to get maximum profit and then moves on to the next. Cybercriminals do not set up long-term operations, as there are too many variables that cannot be controlled. Furthermore, the risks of being blocked or, worse, discovered increase. Yoroi cyber security specialists, however, are still analyzing the data, from which further details may emerge.
Marco Ramilli, founder of Yoroi and cyber security expert: Let’s hypothesize a timed cyber attack, for the moment against the naval industry in Italy. The malware will be called MartyMcFly in reference to the date of creation and detonation
“According to what we know from Virus Total, and there are no conflicting statements, we found some features in the cyber attack on the shipbuilding industry in Italy,” said Marco Ramilli, founder of Yoroi, to Defense and Security. “First, the sample is malicious and was seen in 2010, but not yet submitted to antivirus systems.” In addition, added the cyber security expert, “it has currently been identified in the Naval sector and has shown a different behavior between 2017 and 2018”. Therefore, “it is natural to think of a timed attack, not necessarily only addressed to the Naval industry, but to date it is what we can observe: a timed attack towards it,” he concluded. “The name of the malware will be MartyMcFly, from the film Back to the Future, for obvious reasons referring to the date of creation and that of detonation.”