Backdoor detected on a US federal agency’s intranet

According to a report from Ars Technica and The Record, the network of the US Commission on International Religious Freedom (USCIRF) was hacked through a “backdoor”.

A report published last week by the Czech cybersecurity company Avast states: “This attack can lead to full network visibility and complete control over the system, and can therefore be used as the first step in a multi-stage attack to penetrate this or other networks deeper.”

Avast said it had to make its findings public after unsuccessful attempts to notify the agency directly of the breach and through other channels conducted by the US government.

The attack is carried out in two stages to deploy two malicious binaries that allow unknown adversaries to intercept internet traffic and execute code of their choice, giving the hackers complete control over infected systems. To achieve this intrusion, the hackers abused WinDivert, a user-mode packet redirection and collection package for the Windows operating system.

It is worth noting that both samples masquerade as an Oracle library named “oci.dll”. The second-stage decryptor deployed in the attack was found to bear similarities to another executable file, which researchers from cybersecurity software provider Trend Micro detailed in 2018.

It is possible that some form of data collection and filtering of network traffic occurred, the researchers said, but that is well-informed speculation. That said, we have no way of knowing for sure the scale and scope of this attack beyond what we’ve seen.

Phan Van Hoa (according to The Hacker News)
