Traditional cybercriminals are increasingly using the same hacking tools that cyberespionage attackers employ, in order to maintain a stealthy foothold inside a victim organization so they can maximize their spoils and profits.
And in some rare cases, Chinese cyberespionage attackers appear to be moonlighting and dabbling in a little traditional financial cybercrime. This blurring of tools and missions can make it difficult for organizations to ascertain just what attackers are up to once they are discovered inside.
Richard Bejtlich, chief security officer for Mandiant, says that before joining Mandiant one year ago, he had seen cases of both types of attackers using the same types of tools -- specifically, remote access Trojan (RAT) tools such as Poison Ivy and Ghost. He also saw some hints of cyberspies engaging in traditional cybercriminal activities.