Chronicle links the malware samples to Iran's APT33 group, which previously developed the infamous Shamoon malware.
Thousands of malware samples uploaded to VirusTotal have been signed with valid certificates from well-known certificate authorities, said researchers from Chronicle.
Under the pact, Siemens will use Chronicle's Backstory platform to provide security visibility across information and operational technology. Chronicle's platform will be combined with Siemens' cybersecurity tools for the energy industry.
Discovered by security researchers from Chronicle, Alphabet's cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to compromised systems.
In those cases and others, the hackers could easily have unleashed unprecedented mayhem, says Silas Cutler, a researcher at Alphabet-owned security startup Chronicle who has tracked the Barium hackers.
Shortly after the leak, researchers from Chronicle, a cybersecurity startup founded by Google owner Alphabet, went through the trove of data. It found a small handful of targets were based outside the Middle East, …
But now researchers at Alphabet’s Chronicle Security say they have discovered what appears to be a new version of Flame that popped up in 2014 and likely remained active until 2016.
That’s where Siemens sees Chronicle’s Backstory – leveraging Google’s infrastructure – playing a role. “What company in the world is best positioned to apply AI and machine learning to ingest these different data streams, tag them, mix them, and begin to identify patterns,” he asked.
The company spelled out the competitive market it's intending to take on, which includes the entire on-premises data security market, such as SIEMs, Hadoop, and Elasticsearch, as well as security for all the related infrastructure, including servers, networking, and storage. "We really compete with doing security intelligence on your own to try to stop cyber attacks," Alphabet said.
Backstory relies on Google’s vast infrastructure, machine learning and data analytics tools to simplify the task at lower cost, helping companies to more easily filter out the signal of imminent security threats from the noise of false alarms that accompany them.
For example, an organization that missed a breach on its network initially will be able to use Backstory to find the origins of the incident and track what played out as a result. Crucially, Backstory customers will also benefit from the discoveries Chronicle makes by looking for patterns and anomalies in the combined data set of all its clients.
...Backstory gives security analysts the ability to parse potential threats from the avalanche of alerts, helping them more quickly pinpoint the real vulnerabilities. In a crowded U.S. market for cybersecurity vendors, there are few existing ways for security teams to knit all of the data from their different products in a unified system.
...a database of attack code called VirusTotal managed by another arm of Google-parent Alphabet Inc.
What exactly had Chronicle built, and why did it need the moonshot treatment to exist?
"We can work with an average security team and turn them into a great security team..."