PERSISTENT HACKING – PARASITE ON YOUR SYSTEMS
If you ever thought that hacking was a one-off action, with the hackers getting away with their data booty for whatever purpose, then you are badly mistaken. Even if you thought that the ever-notorious ransomware attacks are the worst, for having been forced to pay, for not knowing the exact fate of your data and for not having access to it, you may still be far from the truth. Not knowing that you have been hacked, while the threat actor resides in your systems for days, months or even years, is a scenario no one would ever wish to land in.
An unknown danger, present for an unknown duration, is something even the very best cyber experts would find next to impossible to tackle. Just give a thought to this incident reported by BleepingComputer: Iranian hackers lurked in a Middle Eastern government network for 8 months. It can disturb any government to its wits' end. Being caught unawares and remaining in that situation is no ordinary matter. When you don’t know of the incident, how can you fathom the damage, let alone respond? You will carry on as if life is going on as usual and everything is safe, sound and fine.
As per reports in the public domain, an Iranian hacking group tracked as OilRig (APT34) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for 8 months, between February and September 2023. OilRig is linked to Iran’s Ministry of Intelligence and Security (MOIS) and is known for mounting attacks against the US, the Middle East and Albania. The attacks were used to steal passwords and data, and also to install ‘PowerExchange’, a backdoor which accepted its commands via Microsoft Exchange. PowerExchange was first reported in May 2023 by Fortinet, whose report provided samples retrieved from the compromised systems.
OilRig is a very potent adversary, as it “utilizes a mix of tools, scripts, and techniques” to expand its access and maintain persistence across multiple systems in a compromised network. These all-comprehensive attacks combine reconnaissance, lateral movement and data exfiltration. It was in the year 2019 that OilRig’s toolkit leaked and the group faced an existential crisis. Given the present evidence regarding the depth, duration and comprehensiveness of the attack in question, Symantec concludes that the threat actors clearly remain as active as ever.
LURKING THREAT ACTOR IN YOUR SYSTEM IS THE WORST FORM OF COMPROMISE.
Have a nice evening.