Articles for March 2018

APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware

Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques.

The hacking group used a piece of advanced malware—dubbed Slingshot—to infect hundreds of thousands of victims in the Middle East and Africa by hacking into their routers.

According to a 25-page report published [PDF] by Kaspersky Labs, the group exploited unknown vulnerabilities in routers from the Latvian network hardware provider Mikrotik as its first-stage infection vector in order to covertly plant its spyware on victims’ computers.

Source: APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware

Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers

A year ago, when the mysterious hacking group ‘The Shadow Brokers’ dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone started looking for secret hacking tools and zero-day exploits.

A group of Hungarian security researchers from CrySyS Lab and Ukatemi has now revealed that the NSA dump doesn’t just contain zero-day exploits used to take control of targeted systems, but also includes a collection of scripts and scanning tools the agency uses to track operations of hackers from other countries.

According to a report published today by the Intercept, NSA’s specialized team known as Territorial Dispute (TeDi) developed some scripts and scanning tools that help the agency detect other nation-state hackers on the targeted machines it infects.

Source: Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers


1.7 Tbps DDoS Attack — Memcached UDP Reflections Set New Record

The bar has been raised.

As more amplified attacks were expected following the record-breaking 1.35 Tbps GitHub DDoS attack, someone has just set a new record after only four days — a 1.7 Tbps DDoS attack.

Network security and monitoring company Arbor Networks claims that its ATLAS global traffic and DDoS threat data system has recorded a 1.7 Tbps reflection/amplification attack against the website of one of its unnamed US-based customers.

Microsoft: Windows Defender can now spot FinFisher government spyware | ZDNet

Microsoft dismantles government-grade malware to improve Windows and Office 365 defenses.

Microsoft says it has cracked open the notorious FinFisher government spyware to design new ways to detect it and protect Windows and Office users.

FinFisher is sold to law-enforcement agencies around the world and its maker, European firm Gamma Group, has been criticized for selling it to repressive regimes.

Last year, researchers at FireEye discovered FinFisher being distributed in Word documents loaded with an attack for an Office zero-day targeting Russian-speaking victims.

Source: Microsoft: Windows Defender can now spot FinFisher government spyware | ZDNet
