22/02/2017

Hackers Infect Microphones to Spy on Ukrainian, Russia, Saudi Arabia, and Austria Organizations

The security firm CyberX has discovered a cyber espionage operation that has stolen 600 gigabytes worth of data from some 70 organizations across Ukraine, but also targets in Russia, Saudi Arabia, and Austria. The infected organizations span industries involved in critical infrastructure, news media, and scientific research. The campaign, known as Operation BugDrop, injects malware into the victims’ computers to capture screen shots, documents, and passwords, and is capable of turning on the computer’s microphone to gather audio recordings of conversations taking place in the computer’s vicinity. The hackers infect victims by using compromised Microsoft Word documents sent through phishing emails, and once the malware accesses the various files, data, and audio, it sends it on to a Dropbox where it can be retrieved by the hackers.

The Cipher Take:The types of targets, as well as the sophisticated malware coupled with targeted spearphishing attacks, indicates the hackers are probably working with the support of a nation-state—most likely Russia. The method used for injecting the malware, something known as Reflective DLL Injection, was a technique also leveraged by the BlackEnergy malware used in the 2015 Ukrainian power grid attack—a piece of malware also affiliated with the U.S. “Grizzly Steppe” report on Russian hacking activities. While the same injection technique was used in the Stuxnet breach revealed in 2010, it is possible others then commandeered the method as a viable mode of intrusion. 

3 comments :

  1. Anonymous22/2/17 18:08

    ΟΛΟΙ ΑΥΤΟΙ ΚΥΡΙΩΣ ΧΡΗΣΙΜΟΠΟΙΟΥΝ ΛΕΙΤΟΥΡΓΙΚΟ WINDOWS.ΕΚΕΙ ΕΧΕΙ ΕΦΑΡΜΟΓΗ ΤΟ ''Reflective DLL Injection''.ΕΝΔΙΑΦΕΡΟΝ ΕΧΕΙ ΤΟ ΚΕΦΑΛΑΙΟ ΑΝΙΧΝΕΥΣΗ (Detection) ΣΤΟ ΤΕΛΟΣ.

    http://www.harmonysecurity.com/files/HS-P005_ReflectiveDllInjection.pdf

    -ΔΗΜΗΤΡΑ-

    ReplyDelete
  2. ΕΝΔΙΑΦΕΡΟΝ. ΣΥΝΕΧΙΖΩ ΠΑΝΤΩΣ ΝΑ ΜΗΝ ΚΑΤΑΛΑΒΑΙΝΩ ΠΩΣ ΑΠΕΚΤΗΣΑΝ ΠΡΟΣΒΑΣΗ ΣΤΑ ΜΗΧΑΝΗΜΑΤΑ (servers, pc,) ΣΤΟΧΟΥΣ, ΩΣΤΕ ΝΑ ΠΡΟΒΟΥΝ ΣΕ ΑΥΤΟ ΤΟ...Injection. ΟΙ ΛΟΓΙΚΕΣ ΕΞΗΓΗΣΕΙΣ ΕΙΝΑΙ ΟΙ ΕΞΗΣ ΔΥΟ:

    ΕΙΤΕ ΟΙ ΧΡΗΣΤΕΣ-ΧΕΙΡΙΣΤΕΣ ΜΕ ADMIN RIGHTS ΑΥΤΩΝ ΤΩΝ ΤΕΡΜΑΤΙΚΩΝ ΔΕΝ ΕΧΟΥΝ ΙΔΕΑ ΚΑΙ ΑΝΟΙΓΟΥΝ ΟΤΙ ΣΤΟΥΣ ΣΤΕΛΝΟΥΝ
    ΕΙΤΕ ΚΑΠΟΙΟΣ ΑΠΟ ΜΕΣΑ ΕΓΚΑΤΕΣΤΗΣΕ "ΚΑΤΙ" ΦΥΣΙΚΑ ΠΑΝΩ ΣΤΟΝ ΕΞΥΠΗΡΕΤΗΤΗ.

    ReplyDelete
  3. Anonymous22/2/17 18:32

    ΣΤΗΝ ΕΛΛΑΔΑ Η ΑΙΤΙΑ ΘΑ ΗΤΑΝ ΤΟ ΠΡΩΤΟ ΠΟΥ ΑΝΕΦΕΡΕΣ.ΓΙΑ ΕΞΩΤΕΡΙΚΟ ΤΟ ΑΠΟΚΛΕΙΩ,ΧΩΡΙΣ ΝΑ ΕΙΜΑΙ ΚΑΙ 100% ΣΙΓΟΥΡΗ.ΛΟΓΙΚΑ ΚΑΠΟΙΟΣ ΑΠΟ ΜΕΣΑ ΚΑΙ ΜΗΝ ΞΕΧΝΑΣ ΚΑΙ ΤΑ ΕΞΩΤΕΡΙΚΑ ΑΠΟΘΗΚΕΥΤΙΚΑ ΜΕΣΑ (FLASH STICKS ) ΠΟΥ ΤΟΠΟΘΕΤΕΙ Ο ΚΑΘΕΝΑΣ ΣΤΟ ΠΡΟΣΩΠΙΚΟ ΤΕΡΜΑΤΙΚΟ ΤΟΥ...

    -ΔΗΜΗΤΡΑ-

    ReplyDelete