Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.
The effort is likely not just confined to retooling the malware, but also retraining the attackers, Rachwald said. "What we were trying to say is that they are clearly turning around the cyber battleship," he said.