Date: 2010-05-19

[...] Beyond the sophistication of the malware in question, and the length of time it remained undetected, the source code itself revealed an interesting and, for security professionals, somewhat worrying approach to the development of its core product, which borrowed from modern DevOps theory.

[...] It’s important for APT success, therefore, that malware is written in such a way that it can be easily given to any member of the team with the assurance that they’re able to produce a product of the same high quality that a campaign’s creators have come to expect. If those creators want to scale up their campaigns, they must ensure that any new team member is able to quickly and easily get to grips with the task at hand.

Analysis of Carbanak’s source code revealed a series of features that would allow it to be iterated by a team of developers in just this way, removing the risk of being hindered by single points of failure, such as a key malware engineer being off sick or moved onto another task. Essentially, it was a highly effective software assembly line.