# CCleaner malware high level archive

## A stealthy, targeted attack

According to Cisco, the actual targets were computers at a number of huge tech companies such as Intel, Microsoft, Linksys, D-Link, Google, Samsung and Cisco, telecoms such as O2 and Vodafone, and (the odd man out) Gauselmann, a manufacturer of gaming machines.

Cisco researchers came to this conclusion after analyzing an archive containing files that were stored on the attackers' C&C server, in which they found the list of domains the attackers were attempting to target.

According to their findings, some 700,000 hosts were saddled with the backdoored CCleaner. Of these, some 540 are government systems around the world, and 51 belong to domains containing the word "bank" in their name.

They also identified 20 unique hosts at eight (unnamed) companies that received the second-stage payload that followed the CCleaner backdoor compromise. They posit that the actual number of computers that received the second-stage payload "was likely at least in the order of hundreds." But, as they noted, the number of compromised hosts and companies is likely higher, as the list was probably changed over the month or so the server was active.

Avast also arrived at the same conclusion. The second-stage payload uses two components (DLLs): the first component contains the main business logic, and the second part of the payload is responsible for persistence.

"Much of the logic is related to the finding of, and connecting to, yet another CnC server, whose address can be determined using three different mechanisms: 1) an account on GitHub, 2) an account on WordPress, and 3) a DNS record of a domain (name modified here). Subsequently, the address of the CnC server can also be arbitrarily modified in the future by sending a special command, recognized by the code as a signal to use the DNS protocol (udp/53) to get the address of the new server," Avast's CEO and CTO explained. "The second part of the payload is responsible for persistence. Here, a different mechanism is used on Windows 7+ than on Windows XP."

Another thing that points to the attackers' high level of sophistication is that the DLLs piggyback on other vendors' code by injecting the malicious functionality into legitimate DLLs (one is part of Corel's WinZip package, and the other is part of a Symantec product).

## What are the attackers after?

Cisco researchers posit that the attackers are after valuable intellectual property.

The researchers also found an overlap between code used in these malware samples and malware previously used by Group 72 (aka Axiom), a long-standing threat actor that has been known to target high-profile organizations with high-value intellectual property in the manufacturing, industrial, aerospace, defense, and media sectors in the US, Japan, Taiwan, and Korea. It is believed that Group 72 is a state-sponsored actor backed by the Chinese government.

The researchers found another thing that points towards China: the C&C server's configuration specifies "PRC" (People's Republic of China) as the time zone. But, they pointed out, this information cannot be relied on for attribution.
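The C2 discovery scheme quoted above (GitHub and WordPress lookups, plus a fallback that fetches a new server address over raw udp/53) suggests a cheap hunting check for defenders. The following Python is an added example, not code from the article, Cisco or Avast; it assumes a network where clients may only resolve through a constructed allowlist of corporate resolvers, and runs over constructed flow records using TEST-NET addresses.

```python
"""Hunt for hosts matching the second-stage CCleaner payload's C2 discovery pattern.

Two signals: direct udp/53 to anything other than the approved resolvers (strong,
if policy forbids it), and contact with both GitHub and WordPress APIs from the
same host (weak on its own; corroborating). Log format and allowlist are assumed.
"""
from collections import defaultdict

# Assumed: the only resolvers clients are permitted to query directly.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed flow records: "src dst proto dport sni_or_host" (TEST-NET addresses).
SAMPLE_FLOWS = """\
10.1.2.10 10.0.0.53 udp 53 -
10.1.2.10 198.51.100.3 tcp 443 api.github.com
10.1.2.10 198.51.100.12 tcp 443 public-api.wordpress.com
10.1.2.10 203.0.113.7 udp 53 -
10.1.2.11 10.0.0.53 udp 53 -
10.1.2.11 198.51.100.3 tcp 443 api.github.com
10.1.2.12 10.0.1.53 udp 53 -
"""

PLATFORM_HOSTS = ("github.com", "wordpress.com")


def parse_flows(text):
    """Parse the constructed flow format into (src, dst, proto, dport, host) tuples."""
    rows = []
    for line in text.splitlines():
        src, dst, proto, dport, host = line.split()
        rows.append((src, dst, proto, int(dport), host))
    return rows


def hunt(text, approved=APPROVED_RESOLVERS):
    """Return {src: set(reasons)} for hosts that match either signal."""
    findings = defaultdict(set)
    platforms = defaultdict(set)
    for src, dst, proto, dport, host in parse_flows(text):
        if proto == "udp" and dport == 53 and dst not in approved:
            findings[src].add("direct udp/53 to non-approved resolver " + dst)
        for platform in PLATFORM_HOSTS:
            if host.endswith(platform):
                platforms[src].add(platform)
    for src, seen in platforms.items():
        if len(seen) == len(PLATFORM_HOSTS):
            findings[src].add("lookups against both GitHub and WordPress")
    return dict(findings)


if __name__ == "__main__":
    for src, reasons in hunt(SAMPLE_FLOWS).items():
        print(src, sorted(reasons))
```

In the constructed sample only 10.1.2.10 trips both signals; a host that merely uses GitHub (10.1.2.11) is not flagged, which is the point of requiring both platforms before raising the weaker signal.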