News Kaspersky Easily Uncovers Uzbekistan Hacking Operations


One of the group's questionable opsec practices included using "the name of a military group with ties to the SSS" for registration of one the domains in the attack infrastructure, according to Vice.
This could easily be a red herring.

Another error SandCat made was installing Kaspersky Anti-Virus on the same machines it used to write the new malware. This allowed Kaspersky's antivirus telemetry to detect and collect the malicious code before it was deployed.
Oh snap! Yeah, that's sure a n00b move.

They concluded this from the fact that the SandCat hackers were burning (using and them losing them to discovery by others) through their exploits like nothing. However, burning the exploits so quickly meant that Saudi Arabia and UAE couldn’t use them anymore either.
Wow. So, I wonder if the exploit vendors had to do a bit of sleuthing to find out which of their customers kept getting detected. That's a fascinating dimension of the hacking business I hadn't even considered.