Comments
'Energetic' Bear Under The Microscope
Newest First  |  Oldest First  |  Threaded View
BoatnerB
50%
50%
BoatnerB,
User Rank: Author
8/1/2014 | 10:22:52 AM
Interesting piece
Interesting reading, Kelly!
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
8/1/2014 | 9:26:33 AM
Re: state-sponsored hacking
Dear Kelly,

I suspect that they have used them, but we are not able to detect any similar intrusion due to the difficulties to track high sophisticated APT (e.g. State-sponsored malware).

Anyway, as you have remarked, it is worrying that the bad actors succeeded also exploiting poorly configured servers.

Thanks
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/1/2014 | 9:19:50 AM
Re: state-sponsored hacking
Appparently, they really didn't need 0days, which is sad but reality.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
8/1/2014 | 9:01:20 AM
Re: state-sponsored hacking
yes Kelly you are right ... comments in the code, as explained by other security firms, seems indicate that hackers have Russian origin. I believe it is very strange that no zero-day exploits were used in the campaign, I believe that there are a lot of details still uncovered.

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/1/2014 | 7:54:22 AM
Re: state-sponsored hacking
State-sponsored is definitely the assumption on this campaign. It's interesting that Kaspersky Lab is saying they can't confirm it's Russian-based. CrowdStrike and F-Secure have indicated it's out of Russia. But attribution can be tricky, as we've seen.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
8/1/2014 | 6:25:07 AM
state-sponsored hacking
Despite the attribution is very difficult and the bad actors behind the campaign haven't used any sophisticated strain of malware, I believe that the APT has a state-sponsored origin.

Statistics on working time, dimension of the architecture and targeted industries suggest me that we are facing with a cyber espionage campaign arranged by a government ... and probably this is just the tip of the iceberg.


Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1060
PUBLISHED: 2018-06-18
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1090
PUBLISHED: 2018-06-18
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVE-2018-1152
PUBLISHED: 2018-06-18
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVE-2018-1153
PUBLISHED: 2018-06-18
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
CVE-2018-12530
PUBLISHED: 2018-06-18
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.