Iranian Hackers Use New Trojan in Recent Attacks

Discussion in 'malware problems & news' started by itman, Feb 23, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    6,636
    Location:
    U.S.A.
    Another Win system process abuse.
    https://www.securityweek.com/iranian-hackers-use-new-trojan-recent-attacks
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,150
    A well-known hacking group is getting better at evading detection
    September 4, 2018
    https://www.cyberscoop.com/oopsie-oilrig-iran-evading-detection/
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,150
    OilRig APT Continues Its Ongoing Malware Evolution
    September 13, 2018
    https://threatpost.com/oilrig-apt-continues-its-ongoing-malware-evolution/137444/
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,590
    Location:
    U.S.A. (South)
    Just another example of state actors competing for top honors in who can pop the top better and much more stealthy in some cases.

    Excluding Russia since they are sharp as a proverbial whistle in tweaking western tech, looks like DPRK + IRAN (Persia) + China are battling it out in back n forth technique. Thanks Windows- Whatta code structure o_O
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,220
    Location:
    Canada
    When people are gullible enough to fall for obscure, poorly written emails with subject lines like "important issue" in them, and gladly open the attachments, then that's hardly the fault of Windows code structure. PEBKAC
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,590
    Location:
    U.S.A. (South)
    So very true indeed, unfortunately. In that regard a rewritten code structure would never matter.

    The nilly willy cavalier attitude of happily opening attachments-macros etc will bite the end recipient's machine every time.

    Even a sandboxed containment for those business/end users might be a better alternative, and yet looking at the raw numbers of submissions on only a single analysis site like Hybrid shows some are at least passing many thru a malware review grinder. Before or after the fact is a whole other unknown though.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,220
    Location:
    Canada
    The organization I work for uses some sort of perimeter defenses for catching the majority of phishing/malicious emails, but a few do get through. Recently a colleague of mine opened one with a subject line of "check out this photo" ...LOL, and unfortunately he fell for it, just because the sender was someone he knew. Within mere minutes of opening the attachment he received a phone call from the head of the IT department telling him to shut down the laptop immediately and bring it in for analysis.
    He brought it in to one of the company's security experts and, after thoroughly analyzing it, he said no damage was done. I don't know what the attachment was or what its intended infection vector was, but the fact that employees' devices are so thoroughly "locked down" with limited user rights was instrumental in the malicious attachment being stopped dead in its mission to infect. Obviously the organization also has a built-in feature that alerts the IT department to any attempted malicious activities on their devices.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,590
    Location:
    U.S.A. (South)
    Good job for that business entity (and others) that employs perimeter defense of some sort, as you so aptly point out.

    That alert provision is a superb forethought and obviously absolutely practical in this day and age, where even the slightest miscue or accident can open a channel for malicious code to fly through the veins of the end user system in a nanosecond.
     