
APT Group Acquires Industrial Espionage IT Infrastructure

Kaspersky ICS CERT has detected a wave of targeted attacks on companies and public institutions in the military-industrial complex in many Eastern European countries and Afghanistan. Cybercriminals have managed to take over the victims’ entire IT infrastructure for industrial espionage.

In January 2022, Kaspersky researchers witnessed several sophisticated attacks on military and public institutions. The main purpose of the attacks was to gain access to companies’ private information and take control of their IT systems. The malware used by the attackers was similar to that of TA428 APT, a Chinese-speaking APT group.

The attackers infiltrated corporate networks by sending organizations elaborate phishing emails containing trade secrets, some of which had not been made public at the time the emails were sent. This indicates that the attackers deliberately prepared for the attacks and selected their targets in advance. The phishing emails contained a Microsoft Word document with malicious code that exploits a vulnerability allowing an attacker to execute arbitrary code without any additional activity. The vulnerability exists in older versions of Microsoft Equation Editor, a component of Microsoft Office.

The attackers also used six different backdoors at once. They did this to keep additional channels of communication with infected systems open in case one of the malicious programs was detected and removed by a security solution. These backdoors provided extensive functionality to monitor infected systems and collect confidential data.

The final phase of the attack involved taking over the domain controller and gaining full control of all of the organization’s workstations and servers. In one case, the attackers even took over the control center of the cybersecurity solutions. After gaining domain administrator rights and access to Active Directory, the attackers performed the so-called “golden ticket” attack to impersonate arbitrary user accounts in the organization and search for sensitive data and other files belonging to the attacked organization.

Kaspersky ICS CERT Security Specialist Vyacheslav Kopeytsev says: “Golden ticket attacks use the standard authentication protocol that has been in use since the launch of Windows 2000. By forging Kerberos Ticket Granting Tickets (TGTs) within the corporate network, attackers can independently access each network service. As a result, simply changing passwords or blocking compromised accounts is not enough to prevent this. Our advice is to carefully monitor all suspicious activity and look for reliable security solutions.”
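
One way to act on the monitoring advice above, as an added example that is not taken from Kaspersky's report: a forged TGT is never issued by the domain controller, so a service-ticket request (Windows Security event 4769) with no matching TGT request (event 4768) from the same account and host within the ticket lifetime deserves triage. The one-line log format, account names and addresses are constructed for illustration, and the 10-hour window assumes the default domain policy for user ticket lifetime.

```python
from datetime import datetime, timedelta

# Assumption: default domain policy "Maximum lifetime for user ticket" (10 hours).
MAX_TGT_LIFETIME = timedelta(hours=10)

# Constructed sample records (not from the incident):
# time, event ID, account, client address, as exported from domain controller logs.
SAMPLE_EVENTS = """\
2022-01-17T08:01:12 4768 alice@CORP.EXAMPLE 10.0.5.21
2022-01-17T08:01:13 4769 alice@CORP.EXAMPLE 10.0.5.21
2022-01-17T09:40:02 4769 alice@CORP.EXAMPLE 10.0.5.21
2022-01-17T11:15:44 4769 svc_backup@CORP.EXAMPLE 10.0.9.77
2022-01-17T19:30:00 4769 alice@CORP.EXAMPLE 10.0.5.21
2022-01-17T19:31:00 4769 alice@CORP.EXAMPLE 10.0.8.40
"""

def parse(text):
    """Turn the constructed log lines into time-ordered tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, account, client = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id),
                       account.lower(), client))
    return sorted(events)

def find_orphan_service_tickets(events, lifetime=MAX_TGT_LIFETIME):
    """Flag 4769 events that no recent 4768 from the same account and host explains.

    Heuristic only: ticket renewals, address changes and gaps in domain
    controller log collection also produce hits, so each finding needs triage.
    """
    last_tgt = {}   # (account, client) -> time the KDC last issued a TGT
    findings = []
    for ts, event_id, account, client in events:
        key = (account, client)
        if event_id == 4768:          # TGT requested (AS exchange)
            last_tgt[key] = ts
        elif event_id == 4769:        # service ticket requested (TGS exchange)
            issued = last_tgt.get(key)
            if issued is None:
                findings.append((ts, account, client, "no TGT issuance seen"))
            elif ts - issued > lifetime:
                findings.append((ts, account, client, "TGT older than policy lifetime"))
    return findings

if __name__ == "__main__":
    for finding in find_orphan_service_tickets(parse(SAMPLE_EVENTS)):
        print(*finding, sep="  ")
```

The logs from every domain controller have to be merged before running the check, otherwise a TGT issued by one controller and used against another shows up as a false hit.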

You can learn more about the attack on Kaspersky ICS CERT.

To protect your ICS computers from various threats, Kaspersky experts recommend that companies:

  • Regularly update operating systems and application software that are part of the corporate network. Apply security solutions and patches to IT and OT network equipment as they become available.
  • Perform regular security audits of IT and OT systems to identify and eliminate potential vulnerabilities.
  • Use ICS solutions for network traffic monitoring, analysis, and detection to better protect against attacks that can threaten technology processes and critical assets.
  • Implement specific security training for IT security teams and OT technicians to improve response to new and advanced malicious techniques.
  • Provide up-to-date threat intelligence to the security team responsible for protecting industrial control systems. Our ICS Threat Intelligence Reporting service provides information on current threats and attack vectors, the most vulnerable elements in OT and industrial control systems, and how to mitigate them.
  • Use security solutions such as Kaspersky Industrial CyberSecurity on your OT endpoints and networks to provide comprehensive protection for all industry-critical systems.
  • Also protect your IT infrastructure. Integrated Endpoint Security protects business endpoints and provides automated threat detection and response.

Source: (BYZHA) – Beyaz News Agency

Source: Haber Safir
