Category Archives: internet

GlobalHackNews Is The Popular Blog of IT Security, Cybersecurity, and Latest Hacking News Update. Read Regular News to Improve Your Security.

Hackers hold entire school district to ransom

On October 2nd, an anonymous group sent death threats to the Iowa-based Johnston Community School District, forcing it to close its schools. The messages, sent to parents via text, threatened to physically harm their children and even kill them.

According to an official report from Johnston Community School District “Around 8 p.m. on the evening of October 2, individual students and parents within our school district received anonymous messages, threatening the safety and security of our students. In an effort of caution, we will be canceling school for all students and district staff on Tuesday, October 3. All district buildings will be closed, and there is no KTC program.”

Now, reportedly, the dark web hacking group going by the handle The Dark Overlord has claimed responsibility for sending the threats. Not only that, the group has also leaked personal data of students, including names, telephone numbers, addresses, and voicemails.

The Dark Overlord's pattern is to look for vulnerabilities in the targeted system, breach it, and then hold the stolen data for ransom. In some cases, the group demands money from large enterprises; past victims have included Netflix and WestPark Capital Bank.

Last year, the same group was responsible for selling multiple US healthcare databases containing the information of 655,000 patients on the dark web. About four months ago, The Dark Overlord stole the unreleased season of Netflix's Orange is the New Black by exploiting a security flaw in a Windows system at Hollywood-based Larson Studios and threatened to leak it online if its demands were not met.

We’re now publicly claiming responsibility for the threats that resulted in the closure of JCSD in Iowa and 7.200 children without school.

— thedarkoverlord (@tdo_hackers) October 4, 2017

Some targeted victims involved the Federal Bureau of Investigation (FBI) to solve the issue which the group took as an offense. “We’re escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us,” The Dark Overlord, told The Daily Beast.

In the case of Iowa, the group claims to have hacked Johnston Community School District and stolen a trove of data, giving it access to the personal and contact details of students, which it then used to send threatening messages to parents. KCCI reported that one of the messages sent to a family stated: "I'm going to kill some kids at your son's high school."

Last month, the group also targeted other schools in the United States, including a Texas school district and a Montana district, details of which were published on Pastebin for public access.

Attackers are getting more sophisticated at finding exploitable flaws every day. Schools and other educational institutions should engage cybersecurity firms to analyze the threats facing their staff and students.

Facebook will use facial recognition to unlock your account

Facebook is known for tracking users even after they log off from the site, and the social media giant also faces criticism over its tactics for collecting user data. Now it is being reported that Facebook is testing facial recognition technology to help users unlock their Facebook accounts. This means Facebook will use your face to verify that a locked account belongs to you and not to some script kiddie or third party trying to access someone else's account. According to TechCrunch, "that could be especially useful if you're somewhere that you can't receive two-factor authentication SMS, like on a plane or while traveling abroad, or if you lose access to your email account".
"We are testing a new feature for people who want to quickly and easily verify account ownership during the account recovery process. This optional feature is available only on devices you've already used to log in. It is another step, alongside two-factor authentication via SMS, that we are taking to make sure account owners can confirm their identity," Facebook told TechCrunch.
It is likely that Facebook was inspired by the iPhone X's facial recognition, which lets users unlock their phone instantly. In a screenshot shared by Matt Navarra of TNW, one can see how Facebook's facial recognition feature will work.
Facial recognition has become one of the fastest growing technologies used by companies and governments. China, for instance, is using facial recognition systems in public toilets, and United States airports are using the same technology to keep track of those leaving or entering the country.
The FBI (Federal Bureau of Investigation) also maintains a database of more than 411 million images, of which 140 million belong to foreigners who applied for US visas and 30 million are criminal mugshots, without any oversight.
However, a recent survey of 129 hackers conducted by security firm Bitglass found that facial recognition was considered the second least effective security tool, behind only standard passwords. Facial recognition was also rated as the worst tool six times more often than fingerprint authentication, indicating that there are many doubts about the security of facial recognition technology.
According to Thomas Fischer, global security advocate at Digital Guardian, "Facebook's Face ID seems to be focused on providing users with the second factor of authentication were they to lose access to their account, or forget their password. It is interesting to note that Facebook's technology will only work on a device that has already been associated with a user account. This effectively provides a three-layer authentication mechanism: account, device and biometrics, you will need all three factors to gain access. This can significantly increase the security of a user's account."
While Facebook has experienced some backlash over facial recognition for photo tag suggestions in the past, this feature would only use the technology to privately help you recover your own account. Therefore it shouldn't raise as many privacy concerns, though obviously anything involving biometric data can give people pause. But if it means they can get back to their messages and News Feed, or repair damage done by a hacker, many people are likely to be comfortable showing their face to Facebook.

Passwords For 540,000 Car Tracking Devices Leaked Online.

Over 500,000 car tracking devices’ passwords accidentally leaked due to misconfigured cloud server

In another case of an accidental data leak, the login credentials of over 500,000 car tracking devices were freely exposed due to a misconfigured cloud server. The data came from SVR Tracking, a firm that claims to specialize in "vehicle recovery."

SVR allows its clients to track their vehicles around the clock so they can locate and recover them in case of theft. The firm attaches a tracking device to the vehicle in a discreet place, so that if the vehicle is stolen, the thief has no idea it is being monitored.
According to researchers at Kromtech Security, who discovered the exposure, the data included SVR users' account credentials, such as emails and passwords. Users' vehicle data, including VIN numbers and license plates, were also exposed. The data was exposed via an insecure Amazon S3 bucket.
"Each repository contained over half a million records with logins/passwords, emails, VINs (vehicle identification numbers), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships. Interestingly, the exposed database also contained information about where exactly in the car the tracking unit was hidden," Kromtech researcher Bob Diachenko said in a blog post.


SVR's car tracking system records everywhere a vehicle has been for the past 120 days, and that history can be easily obtained by anyone who has access to a user's login credentials.
The exposed Amazon S3 bucket has been secured since Kromtech reached out to SVR and informed them about the leak. It still remains unclear how long the data was freely accessible. It is also unknown whether the data was accessed by hackers.
"In the age where crime and technology go hand in hand, imagine the possible threat if cybercriminals could find out where a car is by logging in with the credentials that were publicly available online and steal that car? The overall number of devices could be much bigger given the fact that many of the resellers or customers had large numbers of devices for tracking," Diachenko said.
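What makes a bucket like this "insecure" is one of two documents: its ACL (a grant to the AllUsers or AuthenticatedUsers group) or its bucket policy (an Allow statement with a wildcard Principal). The following is an added example, not Kromtech's scanner or anything from SVR, that audits both documents for a bucket. The input shapes match what boto3's get_bucket_acl() and get_bucket_policy() return, but the ACL and policy below are constructed for the example, and the bucket and account identifiers in them are made up.

```python
import json

# Group URIs S3 uses for anonymous ("AllUsers") and any-signed-in-AWS-user
# ("AuthenticatedUsers") ACL grants. Either one makes a bucket effectively public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_ids(principal):
    """Flatten a Principal element ("*", {"AWS": "*"}, {"AWS": [...]}) to a list of ids."""
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        ids = []
        for value in principal.values():
            ids.extend(_as_list(value))
        return ids
    return [principal]


def public_policy_statements(policy):
    """Return Allow statements whose Principal is a wildcard.

    `policy` may be the JSON string from get_bucket_policy()["Policy"] or a dict.
    Statements that carry a Condition are flagged as conditional: a wildcard
    restricted by e.g. aws:SourceVpce is not world-readable, but still needs review.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principal_ids(stmt.get("Principal", {})):
            continue
        findings.append({
            "sid": stmt.get("Sid"),
            "actions": _as_list(stmt.get("Action", [])),
            "conditional": "Condition" in stmt,
        })
    return findings


def public_acl_grants(acl):
    """Return (group, permission) pairs granted to AllUsers/AuthenticatedUsers."""
    grants = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUP_URIS.get(grantee.get("URI")) if grantee.get("Type") == "Group" else None
        if group:
            grants.append((group, grant.get("Permission")))
    return grants


def audit_bucket(name, acl, policy_json):
    """Run both checks for one bucket; policy_json is None when the bucket has no policy."""
    findings = [f"{name}: ACL grants {perm} to {group}" for group, perm in public_acl_grants(acl)]
    if policy_json:
        for f in public_policy_statements(policy_json):
            kind = "conditional wildcard" if f["conditional"] else "UNCONDITIONAL wildcard"
            findings.append(f"{name}: statement {f['sid']} has {kind} principal for {', '.join(f['actions'])}")
    return findings


# Constructed sample inputs (not real SVR data): an ACL with the classic
# "Everyone: List" grant, and a policy with one public-read statement, one
# VPC-endpoint-conditioned wildcard, and one owner-only statement.
SAMPLE_ACL = {
    "Owner": {"ID": "exampleowner"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "exampleowner"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-tracking-data/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-tracking-data", "arn:aws:s3:::example-tracking-data/*"],
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "OwnerOnly", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-tracking-data/*"},
    ],
})

if __name__ == "__main__":
    for line in audit_bucket("example-tracking-data", SAMPLE_ACL, SAMPLE_POLICY):
        print(line)
```

Against a live account you would feed the same functions the output of s3.get_bucket_acl(Bucket=name) and s3.get_bucket_policy(Bucket=name)["Policy"] for every bucket in list_buckets(), catching the NoSuchBucketPolicy error for buckets without a policy. The ACL "READ" grant to AllUsers is the one that lets anyone list the bucket's keys, which is how exposed buckets like SVR's are usually found in the first place; AWS later added account-level S3 Block Public Access, which overrides both kinds of grant and is the durable fix.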


OurMine hacks video hosting service Vevo; leaks 3.12TB data online


Self-styled white hat hackers OurMine have hacked music video outfit Vevo and unleashed 3.12TB worth of internal files.

OurMine, which last month claimed Wikileaks as a victim, got in touch with INQ on Thursday to reveal that Vevo, a joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc, has become the latest victim of its hacking spree.

The group has published 3.12TB of internal files from Vevo, but as noted by Gizmodo, the majority of the files seem "pretty mild" and include benign data such as weekly music charts, pre-planned social media content, and various details about the artists under the record companies' management.

Some files were more sensitive, though, such as one which reveals the alarm code for the company’s offices.

OurMine tells us that it leaked Vevo’s files after one of the company’s employees told it to “fuck off”, but added that it will take down the files if Vevo asks it to.

Vevo has confirmed the hack in a statement, saying the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.”

As well as Wikileaks, OurMine last month took brief control of some of HBO's social media accounts, including ones related to Game of Thrones.

"Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security", said the tweet that went out across a number of accounts.

The hacking outfit has previously exposed the Twitter, and other social media, accounts of Mark Zuckerberg, Google CEO Sundar Pichai, and Buzzfeed.


Get $1M for reporting zero-day flaws in Tor to “help Govt fight crime”


Usually, a bug bounty program helps companies secure their software and products from zero-day vulnerabilities that can cause massive damage if cybercriminals get their hands on them.
In this case, Zerodium is offering a total of $1 million to successful participants. But will the company share those zero-day flaws with Tor? Probably not, since the company's Tor bounty page states that one goal of launching the special bounty for Tor is to "help our government customers fight crime and make the world a better and safer place for all."
"While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse," states Zerodium.
Zerodium, an American information security company and premium zero-day acquisition platform, has launched a Tor Browser Zero-Day Bounty, the purpose of which is to get hackers and security researchers to find zero-day flaws in Tor Browser on Tails Linux and Windows and report them to the company.
The bounty program is open until November of this year, but depending on the payout, it may be closed before the deadline. Another important point to keep in mind is that while JavaScript exploits are eligible for submission, a researcher with a fully functional zero-day exploit that works without JavaScript will go home with more money.
Zerodium has been running bug bounty programs for the last few years. In August, the company launched bounties for hacking messenger apps such as Telegram, WeChat, iMessage, WhatsApp, Signal and Facebook Messenger.
Moreover, submitted exploits must rely on private, unknown, and unreported zero-days, and must bypass all exploit mitigations applicable to each target category. The initial attack vector must be a web page targeting the latest versions of Tor Browser, and the whole exploitation process should be achieved silently, without triggering any message or popup, and without requiring any user interaction except visiting a web page.

The group also invited hackers to find zero-day flaws in iPhone and remotely hack the device and receive $1,500,000 in return. Moreover, platforms like Windows 10, Chrome, Firefox, and WordPress, etc. are also in line for the hackers to try their skills.

Nonetheless, because the company has indicated that these exploits will be shared with governments, it will be interesting to see the response from privacy advocates, since Microsoft a couple of months ago criticized government agencies for not sharing vulnerabilities with manufacturers and for stockpiling exploit code that can be stolen by hackers and used for their own unscrupulous gain.
The Tor Project itself launched its first public bug bounty program back in July this year. Naturally, its top reward is only $4,000, since the project is run as a non-profit network of volunteer-operated servers that enables people to improve their privacy and security on the Internet.

Samsung wants you to hack its devices and get up to $200,000

Android is one of the most frequently targeted mobile operating systems, and Samsung's smartphones are the most widely used Android devices in the world. Together, these facts make Samsung's devices a perfect and lucrative target for hackers and cyber criminals.
While Google is implementing security measures to tackle this threat, Samsung has launched a bug bounty program urging hackers and IT security researchers to find critical security flaws and vulnerabilities so the tech giant can fix them before malicious actors get their hands on them.
In return, the company will pay between USD 200 and USD 200,000 for valid reports. An important thing to keep in mind about this bug bounty program is that Samsung will only accept reports demonstrating remote attacks, not physical ones. Vulnerabilities in third-party applications are also out of scope unless the application was developed specifically for Samsung.
"Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile," said Samsung.
Security vulnerability reports must apply to eligible Samsung Mobile devices, services, applications developed and signed by Samsung Mobile, or eligible 3rd party applications developed for Samsung.

  • Eligible Samsung Mobile Devices in their latest available Android version and firmware:


  • Galaxy S series (S8, S8+, S8 Active, S7, S7 edge, S7 Active, S6 edge+, S6, S6 edge, S6 Active) 
  • Galaxy Note series (Note 8, Note FE, Note 5, Note 4, Note edge)
  • Galaxy A series (A3 (2016), A3 (2017), A5 (2016), A5 (2017), A7 (2017))
  • Galaxy J series (J1 (2016), J1 Mini, J1 Mini Prime, J1 Ace, J2 (2016), J3 (2016), J3 (2017), J3 Pro, J3 Pop, J5 (2016), J5 (2017), J7 (2016), J7 (2017), J7 Max, J7 Neo, J7 Pop)
  • Galaxy Tab series (Tab S2 L Refresh, Tab S3 9.7)
“We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” explained Samsung.

Equifax Hit With Multi-Billion-Dollar Lawsuit Over Breach Affecting 143 Million Consumers

As reported yesterday, the credit reporting agency Equifax was hacked by unknown attackers. Now, it is being reported that the credit giant has been slapped with a multi-billion-dollar lawsuit over the data breach, in which the personal details of 143 million consumers were stolen. That is over 40% of the entire population of the United States.
“Plaintiffs file this complaint as a national class action on behalf of over 140 million consumers across the Country harmed by Equifax’s failure to adequately protect their credit and personal information. This complaint requests Equifax provide fair compensation in an amount that will ensure every consumer harmed by its data breach will not be out-of-pocket for the costs of independent third-party credit repair and monitoring services,” the complaint reads.
Remember, the stolen data includes names, addresses, birth dates and driver's license numbers, along with the credit card numbers of 209,000 consumers and dispute documents of 182,000 U.S. consumers. The data also included details of some Canadian and British residents.
All this was possible because attackers exploited a "U.S. website application vulnerability to gain access to certain files," in Equifax's words.

In a complaint (PDF) filed by plaintiffs Brook Reinhard and Mary McHill (both of whom had their data with Equifax) in the federal court in Portland, Oregon, Equifax is accused of not implementing proper security measures to protect consumer data in order to save money rather than spending it on security.
In an email conversation, Fleming Shi, SVP Technology at Barracuda Networks, said that "This breach is like a Category 5 hurricane in the cyber world, affecting at least one-third of the U.S. population. The lasting impact from the breach will go on for years. Although web application attacks are common, there are two variations that may be relevant to this incident."
"In one instance, a company hosts software that is vulnerable to content injection or privilege escalation attacks. This vulnerability can easily be exploited, once discovered, as not every site is set up for auto updates."
"In the second instance, web applications or website code is independently vulnerable and subject to various well-known application-level attacks. In such cases, if software exhibits vulnerability to common attacks like SQL injection, XSS, or buffer overflow, this puts an organization at serious risk."
Previously, Experian also suffered a similar attack, leading to the theft of 15 million T-Mobile customers' data. The data was later sold on the dark web for as little as 0.8082 BTC (about USD 600).
“Web Applications vulnerabilities continue to be a  critical exposure for many large organizations.  Attackers have gotten more sophisticated at probing for flaws in the underlying frameworks that many of these applications are built on top of which can lead to widespread security exposures even for organizations with mature security programs and secure coding practices in place – As companies continue to pursue more rapid application development capabilities they need to ensure their security program keeps pace and travels at a similar speed,” said Mike Cotton, Vice President of Research and Development at Digital Defense, Inc.
Currently, the law enforcement authorities are investigating the issue however one cannot deny it is a difficult situation for Equifax. First the data breach and now a multibillion-dollar lawsuit.

Mobile Bootloaders From Top Manufacturers Found Vulnerable to Persistent Threats

Security researchers have found several severe zero-day vulnerabilities in the Android bootloaders from at least four popular device manufacturers that could allow an attacker to gain persistent root access on the device.
A team of nine security researchers from the University of California, Santa Barbara created a special static binary analysis tool called BootStomp that automatically detects security vulnerabilities in bootloaders.
Since bootloaders are usually closed-source and hard to reverse-engineer, analyzing them is difficult, especially because hardware dependencies hinder dynamic analysis.

Therefore, the researchers created BootStomp, which “uses a novel combination of static analysis techniques and underconstrained symbolic execution to build a multi-tag taint analysis capable of identifying bootloader vulnerabilities.”
The tool helped the researchers discover six previously unknown critical security bugs across bootloaders from HiSilicon (Huawei), Qualcomm, MediaTek, and NVIDIA, which could be exploited by attackers to unlock the device bootloader, install custom malicious ROMs and persistent rootkits.
Five of the vulnerabilities have already been confirmed by the respective chipset vendors. The researchers also found a known bug (CVE-2014-9798) in Qualcomm's bootloaders, which was reported in 2014 but is still present and exploitable.
In a research paper [PDF] titled "BootStomp: On the Security of Bootloaders in Mobile Devices," presented at the USENIX Security conference in Vancouver, the researchers explain that some of the discovered flaws even allow an attacker with root privileges on the Android operating system to execute malicious code as part of the bootloader or to perform permanent denial-of-service attacks.

According to the researchers, the vulnerabilities affect ARM's "Trusted Boot" and Android's "Verified Boot" mechanisms, which chipset vendors have implemented to establish a Chain of Trust (CoT) that verifies the integrity of every component the system loads while booting the device.

Overview: Discovered Bootloader Vulnerabilities

The researchers analyzed five different bootloader implementations: the Huawei P8 ALE-L23 (Huawei/HiSilicon chipset), the Nexus 9 (NVIDIA Tegra chipset), the Sony Xperia XA (MediaTek chipset) and two versions of the LK-based bootloader developed by Qualcomm.
The researchers found five critical vulnerabilities in the Huawei Android bootloader:
  • An arbitrary memory write or denial of service (DoS) issue when parsing the Linux kernel's DeviceTree blob (DTB) stored in the boot partition.
  • A heap buffer overflow when reading the root-writable oem_info partition.
  • A root user's ability to write the nve and oem_info partitions, from which configuration data and the memory access permissions governing the smartphone's peripherals are read.
  • A memory corruption issue that could allow an attacker to install a persistent rootkit.
  • An arbitrary memory write bug that lets an attacker run arbitrary code as the bootloader itself.
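The first two Huawei items share one root cause: the bootloader reads a blob from a partition that root can write, then trusts the length and offset fields inside it. The parser below is an added example (mine, not BootStomp's code or any vendor's bootloader) that walks the standard flattened-device-tree layout a DTB uses, checking every offset and length from the image against the real buffer before using it, so that an oversized property length or an out-of-image struct offset is rejected instead of becoming an out-of-bounds read or write. The DTB images it parses are constructed in the block; the node and property names in them are made up.

```python
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9
# Version-17 flattened-device-tree header: ten big-endian u32 fields.
HEADER = struct.Struct(">10I")
(MAGIC, TOTALSIZE, OFF_STRUCT, OFF_STRINGS, OFF_RSVMAP,
 VERSION, LAST_COMP, BOOT_CPU, SIZE_STRINGS, SIZE_STRUCT) = range(10)


class BadDtb(ValueError):
    """Raised for any image whose offsets or lengths escape the buffer."""


def parse_dtb(blob, partition_size):
    """Walk a DTB and return {node_path: {prop_name: raw_value}}.

    Every offset and length comes from attacker-controllable bytes, so each is
    checked against the real buffer before being dereferenced. Checks are
    written as `size > total - off`, not `off + size > total`, so the same
    logic stays correct against integer wrap-around when ported to C.
    """
    if len(blob) > partition_size:
        raise BadDtb("image larger than the partition it was read from")
    if len(blob) < HEADER.size:
        raise BadDtb("truncated header")
    hdr = HEADER.unpack_from(blob, 0)
    if hdr[MAGIC] != FDT_MAGIC:
        raise BadDtb("bad magic")
    total = hdr[TOTALSIZE]
    if total < HEADER.size or total > len(blob):
        raise BadDtb("totalsize does not fit the buffer")
    for off, size, what in ((hdr[OFF_STRUCT], hdr[SIZE_STRUCT], "struct"),
                            (hdr[OFF_STRINGS], hdr[SIZE_STRINGS], "strings"),
                            (hdr[OFF_RSVMAP], 16, "mem_rsvmap")):
        if off % 4 or off > total or size > total - off:
            raise BadDtb(f"{what} block lies outside the image")

    pos, end = hdr[OFF_STRUCT], hdr[OFF_STRUCT] + hdr[SIZE_STRUCT]
    str_off, str_end = hdr[OFF_STRINGS], hdr[OFF_STRINGS] + hdr[SIZE_STRINGS]

    def u32(at):
        if at > end - 4:
            raise BadDtb("struct block truncated")
        return struct.unpack_from(">I", blob, at)[0]

    def cstring(start, limit):
        nul = blob.find(b"\0", start, limit)
        if nul < 0:
            raise BadDtb("unterminated string")
        return blob[start:nul].decode("ascii", "replace"), nul + 1

    nodes, stack = {}, []
    path = lambda: "/" + "/".join(n for n in stack if n)
    while True:
        token = u32(pos)
        pos += 4
        if token == FDT_BEGIN_NODE:
            name, pos = cstring(pos, end)
            pos = (pos + 3) & ~3
            stack.append(name)
            nodes[path()] = {}
        elif token == FDT_END_NODE:
            if not stack:
                raise BadDtb("END_NODE without BEGIN_NODE")
            stack.pop()
        elif token == FDT_PROP:
            length, name_off = u32(pos), u32(pos + 4)
            pos += 8
            if length > end - pos:              # the arbitrary-read/write check
                raise BadDtb("property length exceeds struct block")
            if name_off >= hdr[SIZE_STRINGS] or not stack:
                raise BadDtb("bad property name offset or property outside node")
            value = blob[pos:pos + length]
            pos = (pos + length + 3) & ~3
            nodes[path()][cstring(str_off + name_off, str_end)[0]] = value
        elif token == FDT_NOP:
            continue
        elif token == FDT_END:
            if stack:
                raise BadDtb("END with open nodes")
            return nodes
        else:
            raise BadDtb(f"unknown token {token:#x}")


def _pad4(data):
    return data + b"\0" * (-len(data) % 4)


def build_dtb(struct_block, strings):
    """Assemble a minimal image: header, empty reservation map, struct block, strings."""
    off_struct = HEADER.size + 16
    off_strings = off_struct + len(struct_block)
    header = HEADER.pack(FDT_MAGIC, off_strings + len(strings), off_struct, off_strings,
                         HEADER.size, 17, 16, 0, len(strings), len(struct_block))
    return header + b"\0" * 16 + struct_block + strings


def patch_header(blob, field, value):
    fields = list(HEADER.unpack_from(blob, 0))
    fields[field] = value
    return HEADER.pack(*fields) + blob[HEADER.size:]


def accepts(blob, partition_size=1 << 20):
    try:
        parse_dtb(blob, partition_size)
        return True
    except BadDtb:
        return False


# Constructed sample: root node with "compatible" plus a /chosen child with "model".
STRINGS = b"compatible\0model\0"          # "model" starts at offset 11
def _struct(prop_len):
    return (struct.pack(">I", FDT_BEGIN_NODE) + _pad4(b"\0")
            + struct.pack(">III", FDT_PROP, prop_len, 0) + _pad4(b"demo\0")
            + struct.pack(">I", FDT_BEGIN_NODE) + _pad4(b"chosen\0")
            + struct.pack(">III", FDT_PROP, 4, 11) + _pad4(b"xyz\0")
            + struct.pack(">I", FDT_END_NODE) * 2 + struct.pack(">I", FDT_END))

GOOD_DTB = build_dtb(_struct(5), STRINGS)
HOSTILE_LENGTH_DTB = build_dtb(_struct(0xFFFFFFF0), STRINGS)      # property runs past the image
HOSTILE_OFFSET_DTB = patch_header(GOOD_DTB, OFF_STRUCT, 0x7FFFFFF0)  # struct block outside image
```

The hostile images are the shapes an attacker with root would write into the boot partition: the first makes a naive `memcpy(dst, src, length)` copy far past the buffer, the second makes the parser read (or, in the writing path of a vendor bootloader, write) at an offset of the attacker's choosing. A bootloader that validates the way parse_dtb does fails closed on both, which is the property the Chain of Trust depends on.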
Another flaw was found in NVIDIA's hboot, which operates at EL1, meaning it has the same privilege level as the Linux kernel; once compromised, it can lead to an attacker gaining persistence.
The researchers also found a known, already patched vulnerability (CVE-2014-9798) in old versions of Qualcomm's bootloader that could be exploited to cause a denial-of-service condition.
The researchers reported all of the vulnerabilities to the affected vendors. Huawei confirmed all five vulnerabilities, and NVIDIA is working with the researchers on a fix.
The team of researchers has also proposed a series of mitigations to both limit the attack surface of the bootloader and enforce various desirable properties aimed at safeguarding the security and privacy of users.

Free Cobian RAT Offered on Underground Hacking Forums Comes With a Backdoor

A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all of the victims' data.
This new malware strain — advertised as Cobian RAT — has been offered for free to other crooks since February 2017, according to Deepen Desai, Senior Director of Research at cyber-security firm Zscaler.
Desai says the original author is offering a ” free builder” that allows other crooks to create their own version of the Cobian RAT with customized settings.
Others took this builder, created their customized Cobian RATs, and distributed the payloads, infecting other users.

Cobian RAT backdoored using Pastebin file

Unknown to the wannabe hackers who downloaded the RAT, these customized versions secretly connect to a Pastebin URL that is under the original author’s control from where they receive new commands.
"The [Pastebin file] corresponding to the builder variant that we analyzed has 4,055 unique visitor hits till now, indicating the number of systems infected," Desai told Bleeping Computer in an email today.
These are systems to which two crooks have access. First, the hacker who distributed the customized Cobian RAT, and then the RAT’s original author.

Cobian RAT has bugs

The good news is that Cobian is not the smash hit other free RATs were in the past. For starters, not all the features work as intended.
“In our limited testing of the keylogger module, we observed some flakiness that it was not accurately capturing all the keystrokes when [a] user types […] a little fast,” Desai told Bleeping.
This is maybe why the RAT is not as popular, despite being offered for free for almost half a year. At the time of writing, researchers have rarely seen Cobian used in the wild.
“We haven’t seen any large scale campaign involving Cobian RAT,” Desai told Bleeping, “but [we] have been seeing a few isolated incidents where it was being delivered via a compromised website.”
Nonetheless, Cobian isn’t the epic failure you’d presume. If we ignore the back door and flaky keylogger component, Cobian isn’t far behind to what competitors are offering.
“The RAT contains all the standard features available in free/paid RATs. We have listed the full set of features in our blog,” Desai added.
Despite this, the discovery of the backdoor has likely killed any future Cobian development, as few users will be interested in or willing to risk downloading this tool now. Below is an infographic put together by Zscaler on Cobian's modus operandi.

Indicators of Compromise
  • MD5: 94911666a61beb59d2988c4fc7003e5a
  • Zip File MD5: 7eede7047d3d785db248df0870783637
  • Source URL: belkomsolutions[.]com/t/
  • C&C: swez111.ddns[.]net:20000
  • Compilation timestamp: 2017-07-11 03:53:14
  • Digitally Signed: Vendor /C=FR/L=Paris/O=VideoLAN/CN=VideoLAN
  • Signing Date: 11:24 AM 7/14/2017
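Indicator lists like the one above are published defanged (the `[.]` in the hostnames) so they cannot be clicked, which means they have to be normalised before they are useful against logs. The following added example (mine, not Zscaler's tooling) parses the indicators as printed, refangs them, and matches them against proxy-log lines and file hashes; the proxy log and the file contents are constructed for the example, so the hash check correctly finds nothing.

```python
import hashlib
import re

# Indicators as printed in the Zscaler write-up above, kept defanged as published.
RAW_IOCS = """\
MD5: 94911666a61beb59d2988c4fc7003e5a
Zip File MD5: 7eede7047d3d785db248df0870783637
Source URL: belkomsolutions[.]com/t/
C&C: swez111.ddns[.]net:20000
"""

# A hostname inside a log line: labels separated by dots, ending in an alphabetic TLD,
# so bare IPs and timestamps are not picked up.
HOST_RE = re.compile(r"(?:https?://)?\b([a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def refang(value):
    """Undo the usual defanging so indicators compare equal to real log fields."""
    return value.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def parse_iocs(text):
    """Turn 'Key: value' indicator lines into sets of MD5 hashes and hostnames."""
    iocs = {"md5": set(), "hosts": set()}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        value = refang(value)
        if key.upper().endswith("MD5") and re.fullmatch(r"[0-9a-fA-F]{32}", value):
            iocs["md5"].add(value.lower())
        elif key in ("Source URL", "C&C"):
            # Strip scheme, path and port so the URL and the C&C entry both reduce to a host.
            host = re.sub(r"^https?://", "", value).split("/")[0].split(":")[0]
            iocs["hosts"].add(host.lower())
    return iocs


def host_matches(host, bad_hosts):
    """Exact match or a subdomain of an indicator (cdn.belkomsolutions.com also counts)."""
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in bad_hosts)


def scan_log(lines, iocs):
    """Return (line, matched_host) for every log line that touches an indicator host."""
    hits = []
    for line in lines:
        for m in HOST_RE.finditer(line):
            if host_matches(m.group(1), iocs["hosts"]):
                hits.append((line, m.group(1)))
                break
    return hits


def hash_hits(files, iocs):
    """Return the names of in-memory files whose MD5 is on the indicator list."""
    return [name for name, data in files.items() if hashlib.md5(data).hexdigest() in iocs["md5"]]


# Constructed proxy-log lines (not from any real incident).
SAMPLE_PROXY_LOG = [
    "2017-09-01T10:02:11Z 10.0.0.5 GET http://belkomsolutions.com/t/ 200 215340",
    "2017-09-01T10:02:15Z 10.0.0.5 GET https://www.videolan.org/vlc/ 200 88120",
    "2017-09-01T10:05:40Z 10.0.0.5 CONNECT swez111.ddns.net:20000 - -",
    "2017-09-01T10:06:01Z 10.0.0.9 GET http://updates.example.net/x 200 1024",
]

if __name__ == "__main__":
    found = parse_iocs(RAW_IOCS)
    for line, host in scan_log(SAMPLE_PROXY_LOG, found):
        print(f"HIT {host}: {line}")
```

Two things worth noting when turning this into a real detection. The C&C is on a dynamic-DNS domain, so the suffix match in host_matches matters more than an exact match, and the port (20000) is a second, independent signal worth pairing with the host. And the "Digitally Signed: VideoLAN" line means the binary carries a signature whose subject claims to be VideoLAN; a hunt should verify that the signature actually validates against a trusted chain rather than trusting the subject string.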


Gazer: A New Backdoor Targets Ministries and Embassies Worldwide

Security researchers at ESET have released new research today into the activities of the notorious Turla cyber espionage group, and specifically a previously undocumented backdoor that has been used to spy on consulates and embassies worldwide.

ESET's research team are the first in the world to document the advanced backdoor malware, which they have named "Gazer", despite evidence that it has been actively deployed in targeted attacks against governments and diplomats since at least 2016.

Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer, and is believed to be carried out by Turla advanced persistent threat (APT) hacking group that’s been previously linked to Russian intelligence.

Gazer, written in C++, is delivered via spear-phishing emails and hijacks targeted computers in two steps: first, the malware drops the Skipper backdoor, which has previously been linked to Turla, and then it installs the Gazer components.

In previous cyber espionage campaigns, the Turla hacking group used Carbon and Kazuar backdoors as its second-stage malware, which also has many similarities with Gazer, according to research [PDF] published by ESET.

Gazer receives encrypted commands from a remote command-and-control server and evades detection by using compromised, legitimate websites (mostly running the WordPress CMS) as a proxy.
Instead of using Windows Crypto API, Gazer uses custom 3DES and RSA encryption libraries to encrypt the data before sending it to the C&C server—a common tactic employed by the Turla APT group.

Gazer uses code-injection technique to take control of a machine and hide itself for a long period of time in an attempt to steal information.
Gazer’s success can be explained by the advanced methods it uses to spy on its intended targets, and its ability to remain persistent on infected devices, embedding itself out of sight on victim’s computers in an attempt to steal information for a long period of time.
ESET researchers have discovered that Gazer has managed to infect a number of computers around the world, with the most victims being located in Europe. Curiously, ESET’s examination of a variety of different espionage campaigns which used Gazer has identified that the main target appears to have been Southeastern Europe as well as countries in the former Soviet Union.
The attacks show all the hallmarks of past campaigns launched by the Turla hacking group, namely:
  • Targeted organizations are embassies and ministries;
  • Spearphishing delivers a first-stage backdoor such as Skipper;
  • A second stealthier backdoor (Gazer in this instance, but past examples have included Carbon and Kazuar) is put in place;
  • The second-stage backdoor receives encrypted instructions from the gang via C&C servers, using compromised, legitimate websites as a proxy.
Don't be fooled by the sense of humor that the Turla hacking group shows here; falling foul of computer criminals is no laughing matter.
All organizations, whether governmental, diplomatic, law enforcement, or in traditional business, need to take today's sophisticated threats seriously and adopt a layered defense to reduce the chances of a security breach.