Cyber security summary 26 June - 2 July

Last week events were overshadowed mainly by a massive cyber campaign of new malware named NotPetya while WikiLeaks published documentation of another two tools as a part of the project Vault 7 that reveals CIA's cyber arsenal.

Starting from 27 June, many European countries were faced with the infection of the NotPetya malware. The virus, which uses the same vulnerability as the WannaCry ransomware, derivates its name from other malicious code (Petya) that it shares attack methods with. According to many experts including representants of Comae Technologies and Kaspersky Lab, however, NotPetya is from the technical standpoint simply not able to offer description option. Therefore its purpose is not considered to be a ransomware, but rather a destructive cyber tool.

Another malware to which Ukraine recently fell victim - XData, is also suspected to be a cyber-attack disguised as ransomware. According to the Ukrainian intelligence service SBU, the perpetrator behind NotPetya campaign is the Russian Federation, which allegedly chose the date of the attack for Ukrainian Constitution Day. The local media also speculate that Russian firm Lucky Labs, which cooperates with Russian intelligence services, used its access to Ukrainian infrastructures to spread NotPetya malware.

On June 28 WikiLeaks published a new batch of documents concerning a malware named Elsa. The purpose of the tool is to estimate the geographic location of infected platforms (Windows machines with Wi-fi function). Elsa achieves this by scanning visible WiFi access points and recording their details. The data about the approximate position, based on the signal strength and cross referencing with public databases of wi-fi networks are encrypted and stored on the device for later exfiltration.

Several days after the publication of materials about Elsa, another exploit named OutlawCountry was covered by WikiLeaks. OutlawCountry is an espionage tool for platform Linux, namely Red Hat Enterprise Linux 6.x or CentOS 6.x system. With the use of a framework netfilter an attacker could alter system configurations and firewall rules and thus allow the redirection of all outbound network traffic on the infected computer to CIA-controlled machines.

The U.S government warned industrial firms this week about a hacking campaign against the nuclear and energy sectors lasting at least since May 2017. According to a joint report from the US Department of Homeland Security and the FBI, to gain user credentials into mentioned networks, the attackers used phishing emails.

About author: Roman Šulc


Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace