An unsealed indictment charged two brothers with operating the hacktivist group ‘Anonymous Sudan’, which is held responsible for more than 35,000 Distributed Denial of Service (DDoS) attacks worldwide. U.S. officials described Anonymous Sudan as one of the most dangerous actors in the DDoS threat ecosystem. Rather than relying on a botnet of compromised devices, the group used purpose-built tooling such as the ‘Skynet Botnet’ and DCAT, which pushed attack traffic through open proxies to overwhelm target servers.

RomCom (also tracked as Storm-0978, UAC-0180, and Void Rabisu) has been active since 2022 and is known for multi-faceted operations that combine elements of ransomware, extortion, and credential theft. Its attacks begin with spear-phishing emails that deliver a downloader, MeltingClaw or RustyClaw, which in turn deploys the ShadyHammock or DustyHammock backdoor. The current concern is that RomCom will add ransomware to future campaigns against the high-value energy-sector organisations it so often targets.

Recent research documents OilRig deploying a new backdoor, StealHook, that abuses Microsoft Exchange servers for credential theft and exfiltration; the group has also been seen exploiting known vulnerabilities to escalate privileges on compromised hosts. Once elevated, OilRig registers a password filter DLL with the Local Security Authority so that it receives, in plaintext, every password a user sets or changes, and it routes its traffic through the ngrok tunnelling tool for stealthy command and control. Researchers highlight the similarities between StealHook and earlier OilRig malware, pointing to a gradual evolution of existing tooling rather than a fresh toolkit. Taken together, this suggests an espionage motive rather than short-term disruption or financial gain.
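On the password filter DLL technique described in the OilRig item: an LSA password filter is registered by appending its DLL base name to the REG_MULTI_SZ value `Notification Packages` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`. At the next start of lsass.exe every listed DLL is loaded into the LSA process and its `PasswordChangeNotify` export is handed each new password in plaintext, which is exactly what OilRig needs. The PowerShell below is an added detection check, not code from the article or from the cited research; it enumerates that value and flags any package that is outside a baseline of stock Windows packages, is missing from System32, or does not carry a valid Authenticode signature. The `$baseline` list is an assumption: adjust it to your environment, since some third-party password-policy products legitimately register here.

```powershell
# Added example (not from the original article). Run elevated on a domain
# controller or any host where LSA tampering is a concern.

function Get-SuspiciousLsaPackage {
    param(
        # Assumed known-good defaults: scecli ships with every Windows install,
        # rassfm is present on domain controllers. Extend for your baseline.
        [string[]]$Baseline = @('scecli', 'rassfm')
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $packages = (Get-ItemProperty -Path $key -Name 'Notification Packages').'Notification Packages'

    foreach ($pkg in $packages) {
        # Entries are DLL base names; LSA resolves them from %SystemRoot%\System32.
        $path   = Join-Path $env:SystemRoot "System32\$pkg.dll"
        $exists = Test-Path -Path $path
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $known  = $Baseline -contains $pkg

        [pscustomobject]@{
            Package    = $pkg
            InBaseline = $known
            Path       = $path
            Exists     = $exists
            SigStatus  = if ($sig) { $sig.Status } else { 'n/a' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
            # Anything unknown, missing, or not validly signed deserves a look.
            Suspicious = (-not $known) -or (-not $exists) -or ($sig -and $sig.Status -ne 'Valid')
        }
    }
}

Get-SuspiciousLsaPackage | Format-Table -AutoSize
```

Because a newly registered filter only becomes active when LSA restarts, a registry write to `Notification Packages` followed by a reboot is itself a useful hunting pattern: alert on Sysmon Event ID 13 (registry value set) for that value, and on Sysmon Event ID 7 (image loaded) showing an unexpected DLL loading into lsass.exe.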