The Elderwood Project Revealed
I am usually a little leery of sensational-sounding claims by security firms; "feathering the nest" is the phrase that usually comes to mind. That said, Symantec has a sobering blog post regarding something they are calling The Elderwood Project. They outline ongoing efforts to infect and otherwise disrupt critical infrastructure using zero-day exploits:
That's not very comforting, is it?
The primary targets identified are within the defense supply chain, a majority of which are not top-tier defense organizations themselves. These are companies who manufacture electronic or mechanical components that are sold to top-tier defense companies. The attackers do so expecting weaker security postures in these lower tier organizations and may use these manufacturers as a stepping-stone to gain access to top-tier defense contractors, or obtain intellectual property used in the production of parts that make up larger products produced by a top-tier defense company.
Symantec Offical Blog