Comments
'Energetic' Bear Under The Microscope
Newest First  |  Oldest First  |  Threaded View
BoatnerB
50%
50%
BoatnerB,
User Rank: Author
8/1/2014 | 10:22:52 AM
Interesting piece
Interesting reading, Kelly!
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
8/1/2014 | 9:26:33 AM
Re: state-sponsored hacking
Dear Kelly,

I suspect that they have used them, but we are not able to detect any similar intrusion due to the difficulties to track high sophisticated APT (e.g. State-sponsored malware).

Anyway, as you have remarked, it is worrying that the bad actors succeeded also exploiting poorly configured servers.

Thanks
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/1/2014 | 9:19:50 AM
Re: state-sponsored hacking
Appparently, they really didn't need 0days, which is sad but reality.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
8/1/2014 | 9:01:20 AM
Re: state-sponsored hacking
yes Kelly you are right ... comments in the code, as explained by other security firms, seems indicate that hackers have Russian origin. I believe it is very strange that no zero-day exploits were used in the campaign, I believe that there are a lot of details still uncovered.

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/1/2014 | 7:54:22 AM
Re: state-sponsored hacking
State-sponsored is definitely the assumption on this campaign. It's interesting that Kaspersky Lab is saying they can't confirm it's Russian-based. CrowdStrike and F-Secure have indicated it's out of Russia. But attribution can be tricky, as we've seen.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
8/1/2014 | 6:25:07 AM
state-sponsored hacking
Despite the attribution is very difficult and the bad actors behind the campaign haven't used any sophisticated strain of malware, I believe that the APT has a state-sponsored origin.

Statistics on working time, dimension of the architecture and targeted industries suggest me that we are facing with a cyber espionage campaign arranged by a government ... and probably this is just the tip of the iceberg.


6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10997
PUBLISHED: 2018-06-17
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
CVE-2018-11218
PUBLISHED: 2018-06-17
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVE-2018-11219
PUBLISHED: 2018-06-17
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVE-2018-10377
PUBLISHED: 2018-06-17
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.
CVE-2018-10969
PUBLISHED: 2018-06-17
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.