By Stephen McBride
Morpho has previously targeted Facebook, Microsoft, Apple and focuses on stealing sensitive information that it can sell to corporate rivals
A sophisticated cyber group that concentrates on stealing intellectual property from large enterprises has compromised "a string of major corporations" in recent years, including three organisations "located or headquartered" in the UAE, cyber-security company Symantec has claimed, ITP.net reported.
The group, named "Morpho" by Symantec researchers, is not interested in credit-card or bank theft, the company said, despite referring to the gang as "financially motivated". Instead, Morpho focuses on the exfiltration of sensitive information that it can sell to corporate rivals.
Symantec said the gang is "technically proficient and well-resourced". The group is not thought to be state-sponsored, but Symantec speculated that its members could be hackers for hire.
Morpho's victims, according to Symantec, include US giants Facebook, Microsoft, Apple, Twitter and a number of banking, pharmaceutical and law firms. The targets were spread over several countries, including US, Canada, the UAE, the UK, France, Finland, and Egypt.
Over the years Symantec has gathering information on Morpho and it has noted that the team always "tidies up" before moving on to a next target and has managed to maintain a low profile despite its more famous US victims announcing incursions publicly.
"In many attacks, the group has succeeded in compromising Microsoft Exchange or Lotus Domino email servers in order to intercept company emails, and possibly use them to send counterfeit [messages]," Symantec reported in a blog post titled, "Morpho: Profiting from high-level corporate attacks".
"The group has also attacked enterprise content management systems, which would often be home to legal and policy documents, financial records, product descriptions and training documents."
Another attack allowed Morpho to access a Physical Security Information Management (PSIM) system, used for controlling physical premises security systems, such as card access to doors. This level of access, Symantec said, could have given the attackers access to CCTV feeds.For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.