Daily NCSC-FI news followup 2021-06-19

North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute

thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of North Korea. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed vendor’s virtual private network (VPN) product and involved a total of 13 IP addresses, one of which, “27.102.114[.]89”, has previously been linked to a state-sponsored threat actor dubbed Kimsuky.

Inside the Market for Cookies That Lets Hackers Pretend to Be You

www.vice.com/en/article/n7b3jm/genesis-market-buy-cookies-slack A representative for the hackers who breached EA said they bought the cookie from a site called Genesis Market. On Genesis, criminals don’t just buy one cookie; they buy exclusive access to a “bot,” a compromised computer that is part of a botnet and may hold any number of login details. More importantly, Genesis also lets customers essentially recreate a one-to-one replica of the victim’s browser, with their cookies and device fingerprints intact, so that the stolen session passes the service’s device checks.

Klingon RAT Holding on for Dear Life

www.intezer.com/blog/malware-analysis/klingon-rat-holding-on-for-dear-life/ This is a technical analysis of an advanced RAT written in Go that we are calling Klingon RAT. The RAT is well-featured and resilient thanks to its multiple methods of persistence and privilege escalation. It was determined that the RAT is being used by cybercriminals for financial gain. It is important to stay on top of this threat, as it degrades antivirus protection by killing targeted processes and hides its communications in encrypted channels.

Easy Access to the NIST RDS Database

isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ When you are facing suspicious files while performing forensic investigations or analyzing malware components, it is always useful to know whether these files are legitimate or malicious/modified. One of the key sources for verifying hashes is provided by NIST and is called the NSRL project (“National Software Reference Library”). They build a “Reference Data Set” (RDS) of known-file information that can be queried to verify a file hash. CIRCL, the Luxembourg CERT, is well known for offering or participating in services like MISP, a passive DNS service, etc. They are now offering an API to query the NIST RDS via HTTP or DNS requests!
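As an added illustration of the triage workflow the diary describes (this is example code written for this digest, not CIRCL's or NIST's own tooling): hash each file under investigation with SHA-1, which is what the NSRL RDS is keyed on, and classify it as "known" (present in the reference set) or "unknown". The lookup backend is pluggable. The offline backend uses a small constructed set of well-known SHA-1 values so the example runs without network access; `circl_http_lookup()` sketches an HTTP query and its endpoint URL is an assumption, since the page does not give it.

```python
"""Added example: triage files against an NSRL/RDS-style known-file set.

Not code from the SANS diary, CIRCL or NIST. Offline by default; the HTTP
backend is provided only to show where a real lookup would plug in.
"""
import hashlib
import os
import tempfile
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable

# Constructed "reference set" standing in for RDS entries. These are the
# standard SHA-1 test vectors for the byte strings b"abc" and b"".
KNOWN_SHA1 = {
    "A9993E364706816ABA3E25717850C26C9CD0D89D",  # sha1(b"abc")
    "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",  # sha1(b"")
}


def sha1_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries do not get read into memory at once.
    NSRL publishes hashes as uppercase hex, so normalise to that."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def offline_lookup(sha1_hex: str) -> bool:
    """Lookup against the constructed in-memory set (case-insensitive)."""
    return sha1_hex.upper() in KNOWN_SHA1


def circl_http_lookup(sha1_hex: str, timeout: float = 5.0) -> bool:
    """ASSUMPTION: endpoint layout of CIRCL's hashlookup service. The page
    only says an HTTP/DNS API exists; verify the URL against CIRCL's docs
    before relying on it. Not called by the offline demo below."""
    url = f"https://hashlookup.circl.lu/lookup/sha1/{sha1_hex.lower()}"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200  # 200 => hash is in the reference set
    except urllib.error.HTTPError as e:
        if e.code == 404:  # unknown hash, not an error condition
            return False
        raise


def triage(paths: Iterable[str], lookup: Callable[[str], bool]) -> Dict[str, Dict[str, str]]:
    """Hash every path once and ask the backend whether it is a known file.
    'unknown' means only that the file is not in the reference set: it is a
    prioritisation hint for the analyst, not a malware verdict."""
    report: Dict[str, Dict[str, str]] = {}
    for p in paths:
        digest = sha1_of_file(p)
        report[p] = {
            "sha1": digest,
            "verdict": "known" if lookup(digest) else "unknown",
        }
    return report


def demo() -> Dict[str, str]:
    """Write three constructed sample files to a temp dir and triage them
    offline. Returns {basename: verdict}."""
    samples = {
        "abc.txt": b"abc",                       # in the reference set
        "empty.bin": b"",                        # in the reference set
        "suspicious.exe": b"MZ\x90\x00 not in any reference set",
    }
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, data in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            paths.append(p)
        report = triage(paths, offline_lookup)
        return {os.path.basename(p): r["verdict"] for p, r in report.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Two caveats a practitioner should keep in mind when using such a lookup: a "known" match only tells you the file is byte-identical to something catalogued in the reference set (which also includes dual-use tools), and an "unknown" result is a reason to look closer, not evidence of malice. Swap `offline_lookup` for a network backend to query the live service, and rate-limit or batch the queries when triaging a whole disk image.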

The researchers managed to identify and report the presence of Joker malware in 8 apps on Google Play Store

www.hackread.com/android-joker-malware-back-on-play-store/ The malware infects the user’s device after the infected application is downloaded and keeps collecting data secretly.

Podcast: Good or bad govcoin: what are national digital currencies about?

ulkopolitist.fi/2021/06/19/podcast-hyva-paha-govcoin-mista-kansallisissa-digivaluutoissa-on-kyse/ Alongside blockchain-based cryptocurrencies a new phenomenon has emerged: “govcoins”, i.e. states’ own digital currencies. What does this mean, and does the phenomenon actually have much to do with the much-hyped cryptocurrencies?

