![]() ![]() ![]() 1 below) was seemingly unable to enter the company's network via traditional means (like the ones that were outlined above). The aim of these are so that analysts are not left unequipped and have some starting points if tasked to research these particular threatsįirst up is a somewhat iconic report by none other than everyone's favourite "AI" cybersecurity firm, DarkTrace, whose 2017 Global Threat Landscape report detailed how a threat actor reportedly used an Internet-connected fish tank at a Casino. > I've added some " Bushido comments" offering my own opinion and around each scenario. ![]() The techniques discussed in this blog, however, r equires a bit more determination, opportunism, and lateral thinking. Traditional initial access techniques for common threats such as Ransomware operators or Advanced Persistent Threat (APT) groups include phishing for credentials, malicious spam containing malware, obtaining RDP credentials via brute force or purchasing them from underground markets, and exploiting a vulnerability in a public-facing system. How to implement detection for these techniques also d epends on your threat model and who is trying to target you or your organisation. You're u nlikely to find these in the Mitre ATT&CK framework and these are pretty u nlikely to happen day-to-day, but they are perfectly valid for persistent attackers. However, ESET noted that the three strains of malware deployed through NoxPlayer malware had “similarities” with other varieties of malware used in a supply chain commitment on the Myanmar presidential office website in 2018 and early of 2020 in an intrusion on a Hong Kong university.Artwork by aim of this blog is to highlight initial access techniques that you’ve potentially not heard of before. It’s unclear whether the commitment to NoxPlayer is the work of a state-sponsored group or a financially motivated group that wants to engage game developers. ![]() The second is the case of VGCA, the official certification authority of the Vietnamese government.ĮSET investigators did not formally link this incident to a well-known hacking group. The first is the case of Able Desktop, software used by many Mongolian government agencies. This incident is also the third supply chain attack discovered by ESET in the last two months. To date, and based on its own telemetry, ESET said it detected malware-related NoxPlayer updates that were only delivered to five victims, located in Taiwan, Hong Kong and Sri Lanka.ĮSET today released a report with technical details for NoxPlayers to determine if they received a malware update and how to remove it.Ī BigNox spokesman did not return any requests for comment. specific, which suggested that it was a highly targeted attack that wanted to infect only a certain class of users. “Three different malware families were detected distributed from malware updates tailored to select victims, with no sign of reaping any economic benefit, but rather surveillance-related capabilities,” ESET said in a shared report today with ZDNet.ĭespite evidence implicating that attackers had access to BigNox servers since at least September 2020, ESET said the threatening actor did not target all of the company’s users, but focused on machines. Through this access, hackers modified the download URL of NoxPlayer updates to the API server in order to deliver malware to NoxPlayer users. or macOS.ĮSET says that, based on evidence gathered by its researchers, a threatening actor committed one of the company’s official APIs ( ) and file hosting servers ( ). The attack was discovered by Slovak security firm ESET on January 25 last week and targeted BigNox, a company that makes NoxPlayer, a software client for emulating Android applications on Windows desktop computers. A mysterious hacking group has compromised the server infrastructure of a popular Android emulator and sent malware to a handful of victims across Asia in a highly targeted supply chain attack. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |