"Foreign hackers have breached and stolen information from Russian federal executive bodies, the Russian government said in a report published last week. To breach Russian federal agencies,...the attackers used a broad set of entry vectors that included spear-phishing, exploiting vulnerabilities in web applications, and hacking the IT infrastructure of government contractors. Once they breached a victim, the attackers would deploy two never-before-seen malware strains named Mail-O and Webdav-O, both stealthy backdoors... Both strains exfiltrated data to command and control infrastructure hosted on local Russian cloud providers... [and] were also designed to bypass Kaspersky antivirus software..." https://therecord.media/fsb-nktski-foreign-cyber-mercenaries-breached-russian-federal-agencies/
Kaspersky = rekt. That said, it makes me wonder if they were well configured. Kaspersky has Application Control and whatnot, i.e. every file that is not identified in the database and/or KSN can be given Untrusted status (you have to choose what), which gives very few permissions, if any at all. The same way as Comodo Firewall, except perhaps slightly more lax. So I'm still curious how they got infected in the first place, because a properly configured Kaspersky should act the same way (or almost the same) as Comodo Firewall, with the added bonus of all the other stuff.

Also, here's the report: https://rt-solar.ru/upload/iblock/b55/Ataki-na-FOIV_otchet-NKTSKI-i-Rostelekom_Solar_otkrytyy.pdf
Translation: https://translate.google.com/transl...otchet-NKTSKI-i-Rostelekom_Solar_otkrytyy.pdf
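As an added illustration of the default-deny behaviour the post above describes, here is a small model of a reputation-based application control policy. This is example code written for this page, not Kaspersky's, Comodo's or the report's code; the four trust-group names follow Kaspersky's Application Control, while the permission sets per group, the "local database", the "cloud reputation" lookup and the sample binaries are constructed assumptions. The point it shows: a never-before-seen binary such as a new backdoor strain only gets blocked if the policy is set to treat unknown files as Untrusted; with a lax "unknown" setting it runs and talks to the network.

```python
"""Simplified model of reputation-based application control (hypothetical)."""
import hashlib
from dataclasses import dataclass

# Trust groups from most to least privileged. The names mirror Kaspersky's
# Application Control groups; the permissions attached here are illustrative.
PERMISSIONS = {
    "Trusted":         {"run": True,  "network": True,  "write_user_files": True,  "modify_system": True},
    "Low Restricted":  {"run": True,  "network": True,  "write_user_files": True,  "modify_system": False},
    "High Restricted": {"run": True,  "network": False, "write_user_files": False, "modify_system": False},
    "Untrusted":       {"run": False, "network": False, "write_user_files": False, "modify_system": False},
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample binaries (stand-ins, not real PE files).
KNOWN_GOOD_BINARY = b"MZ constructed: signed vendor utility"
KNOWN_BAD_BINARY = b"MZ constructed: malware already in signature database"
NEVER_SEEN_BINARY = b"MZ constructed: never-before-seen backdoor"

# Constructed "local signature database" and "cloud reputation service", keyed by hash.
LOCAL_DB = {
    sha256(KNOWN_GOOD_BINARY): "Trusted",
    sha256(KNOWN_BAD_BINARY): "Untrusted",
}
CLOUD_REPUTATION: dict[str, str] = {}  # the new strain has no reputation anywhere


@dataclass
class Policy:
    # Group assigned to files unknown to both the local DB and the cloud lookup.
    # "Untrusted" is the strict setting the post talks about.
    unknown_group: str = "Untrusted"


def classify(data: bytes, policy: Policy,
             local_db: dict = LOCAL_DB, cloud: dict = CLOUD_REPUTATION) -> str:
    """Return the trust group for a file: local DB first, then cloud, then the policy default."""
    h = sha256(data)
    if h in local_db:
        return local_db[h]
    if h in cloud:
        return cloud[h]
    return policy.unknown_group


def allowed(data: bytes, action: str, policy: Policy) -> bool:
    """Whether the file's trust group permits the requested action."""
    return PERMISSIONS[classify(data, policy)][action]


def denied_actions(data: bytes, policy: Policy) -> list[str]:
    """List the actions the policy would block for this file."""
    group = classify(data, policy)
    return [a for a, ok in PERMISSIONS[group].items() if not ok]


if __name__ == "__main__":
    strict = Policy(unknown_group="Untrusted")
    lax = Policy(unknown_group="Low Restricted")
    for name, blob in (("known good", KNOWN_GOOD_BINARY),
                       ("known bad", KNOWN_BAD_BINARY),
                       ("never seen", NEVER_SEEN_BINARY)):
        print(f"{name:10} strict={classify(blob, strict):15} denied={denied_actions(blob, strict)}")
        print(f"{name:10} lax   ={classify(blob, lax):15} denied={denied_actions(blob, lax)}")
```

Under the strict policy the unknown backdoor cannot even start, let alone reach a command-and-control host; under the lax policy it runs and has network access, which is the gap the post is speculating about.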