Backdoor_Trojan_known_as_SpeakUp

on

A memory flaw covered by time was exposed by "hackers"; the flaw enabled the group to gain control over their target's system remotely. A remote access is a feature within the "Windows operating system". Design to allow administrators access via remote. The attackers exploited a memory corruption flaw (CVE-2017- 11882), which—in "Microsoft Office" 2007, 2010, 2013, and 2016—downloads malicious HTML applications (HTA) file with the final payload being a Remote Access Trojan. The buffer overflow defect lies in the "Microsoft" Equation Editor component in "Microsoft Office", when, exploited, the result is a remote arbitrary code execution.

Details about two campaigns that exploited an older flaw in Microsoft SUIT classified under CVE-2016-7262 and CVE02017- 0199 . The campaign delivered under CVE2017-0199 was a malicious "Microsoft PowerPoint" document, which exploited the defect in the codes. The exploitation of the security feature bypass in MS Powerpoint result lead to a remote code execution. These files lies in the way specially crafted files are parsed by Microsoft Office and WordPad.

A Successful exploitation requires the user to click through the security warning to enable macros after opening the malicious file, which was delivered via spear-phishing. The malicious code were delivered to a mailing list controlled by the Central Tibetan Administration. 

The threat actors attempted to hide the payload by changing the program’s icon to look like a call to action variable, the groups tactics carried out on various attacks took advantage of the flaw infecting IoT devices and installed "cryptocurrency" miners, backdoors, and "Microsoft" malwares.

Since the group carried out their attack against Microsoft Office 2007-2016; "Microsoft" have taken their Office platform to the cloud. Secure with the IoT allowing the giant size company to enable a subscription service to the Office platform. Theflaw lied in the NoneCmsV1.3.thinkphp/library/thin/App. php and the handling of crafted filter parameters. 

The malicious, device-infecting software includes variants of the Mirai botnet, the Mimikatz credential harvester, and a backdoor Trojan known as SpeakUp. These provide the capabilities to collect usernames, network information, and CPU details and infect the system with the XMRig "cryptominer. The code contacted the attacker C2 server to download the Exile Remote Access Trojan, which is capable of exfiltrating a range of system information from the infected host, as well as uploading and downloading files and creating and terminating system processes.

  1. Infected system:
  2. slower operations
  3. longer load time
  4. excessive buffer errors
  5. and delayed audio
Location: Ontario, Canada

Comments

Anonymous said…
Are there any fix, CVO's?
January 6, 2021 at 8:33 AM
Anonymous said…
Regarding Trojans are they a virus or worm? :)
January 7, 2021 at 8:43 AM
Post a Comment

Popular Posts

Linux Professional Institute

Tactical malware infection process Script kiddies, scammers and hacker are implementing new ways and strategic advancements on customers, businesses and the corporate world, searching for bits and bytes. The most recent technique observed by our researchers is the “hijacking” of legitimate invoices sent by companies so that the account number is changed to that of the scammers. Some cases we have seen involved scammers attacking the email server to change the details on the invoices. Others were just fake invoices emails sent without the need to hack the email server, but which were effective provided they went out before the legitimate invoices." First, the user will receive an email disguised as routine notification, most commonly an INVOICE, BILL or RECEIPT. Unfortunately this email normally includes attachments, typically JavaScript (JS) file or Office file containing malicious macros. After the user Open the email with the attachment, it then executes a PowerShell script to ...

Computer_Systems_Display_Divices

Who let the gamers out ❤, is a phase only for the elite of gaming. Whether you are PC gamer or a content creator rendering is your forte. If you live or die for speed when it comes to graphic acceleration then you might have some gamer in you. Vide cards are like essential service to gamers, because at the end of the day it’s who can lustily brag.  How can we evaluate when a video card is good 👲, we can advise you on the best video card for you PC. But, do you retain the knowledge it takes to purchase and upgrade your video card; let’s touch some trends, information can affect which card you chose. Ok, let’s spend; most consumer video cards starts around fifty dollars and can range up-to thousands of dollars. It’s easy to over or under pay as a consumer. So, first off what does GPU cards do. And how can they make or brake you.  🔎 If you are searching for a new PC system and you are not a gamer a IGP system is good for you. But, if you be a gamer IGP’s are out the door in p...

Recent_appetites_are_emeals_and_credential_stuffing_with_password_combination

Shadow companies been operating a large RDP shop online, under covers for time now. its a market selling remote desktop protocol accesses to hacked machines. The online under-ground market have gathered and selling access to about 70,000 machines already hacked.  Do not allow RDP connections over the open Internet Use Complex Passwords Use Multi-Factor Authentication Use an RDP Gateway Lock out users and block or timeout IPs that have too many failed logon attempts Use a Firewall to restrict access Enable Restricted Admin Mode Encryption Enable Network Level Authentication (NLA) Restrict users who can logon using RDP Minimize the Number of Local Administrator Accounts Ensure that Local Administrator Accounts are Unique Limit Domain Administrator Account Access Consider using an account-naming convention that does not reveal organizational information

A_more_intelligent_Internet_of_Things (IoT)

"Intel Corporation" was founded on July 18, 1968 The company's name was conceived as portmanteau of the words integrated and electronics. The fact that "intel" is the term for intelligence information also made the name appropriate. Intel was an early developer of SRAM and DRAM memory chips, which represented the majority of its business until 1981. Although Intel created the world's first commercial microprocessor chip in 1971, it was not until the success of the personal computer (PC) that this became its primary business. Today the Intel Corp. serves a wide variety of products including: Its processors, its boards and kits, its Memory & Storage, its Power Solutions and more. Intel is worth 77.5 billion dollars up-to-date, on staff they are responsible for 110,000 employees with and operating income of 22 billion dollars. Because, during the 90s, Intel invested heavily in new microprocessor designs fostering the rapid growth of the computer industry. ...

The IoT - i9 or M1 to 4K and 5G

The Intel Corporation was founded on July 18, 1968 The company's name was conceived as portmanteau of the words integrated and electronics. The fact that "intel" is the term for intelligence information also made the name appropriate. Intel was an early developer of SRAM and DRAM memory chips, which represented the majority of its business until 1981. Although Intel created the world's first commercial microprocessor chip in 1971, it was not until the success of the personal computer (PC) that this became its primary business. Today the Intel Corp. serves a wide variety of products including: Its processors, its boards and kits, its Memory & Storage, its Power Solutions and more. Intel is worth 77.5 billion dollars up-to-date, on staff they are responsible for 110,000 employees with and operating income of 22 billion dollars. Because, during the 90s, Intel invested heavily in new microprocessor designs fostering the rapid growth of the computer industry. During t...

Cybersecurity, why is it a growing profession

Cybersecurity A Global PandemicDuring pandemics it is important to consider internet security, heighten concerns, and precautions that must be taken. Protect yourself and your place of work. Because oft: malicious electronic messages, malware and scams. Hacker groups are reaping the havoc surrounding high profile events. especially the fear which is associated with the current pandemic. Hackers have implemented a number of click baits or call to action scripts with the goal to get their victim to comply with the intent to lure them to malicious links or attachment. Threats of these nature where design to by-pass security settings. Exposing personal or unauthorized information on computer system and mobile devices. Before accessing your emails, ensure there are no redundancy. Check if the address and attachment is valid. Make sure it’s from a reputable sender. Scan for mistakes. Ensure the mail is from a valid address and domain name space. Be vigilant and practice extra caution. Verif...

We-Chat_or_What'sApp

The "WhatsApp" ❤ group and "Weixin" ✌, are both technology companies who launched their App around the same time. "Weixin", a project started by the Tencent research group in China launched the app in 2011.  Then the government of china swiftly endorsed the project; allowing the App to grow to 1 billion active users.  While, WhatsApp the American freeware which released 11 years ago today was endorsed by FaceBook providing these services: Voice Over IP, text messages and voice messages. Allowing "WhatsApp" to make: voice, video calls, share images, documents, user locations, and other media.  The what’s App groups coming to an end, in other word are the investors investments secure.  The "WhatsApp" application was shutdown by Governing forces because they refused to place wiretap on accounts. Making investors unease on their investment; because, the South American government forcibly placed sanctions on the "WhatsApp" company...

The key to cyber attack countermeasures as the cloud and IoT.

On November 11, 2020, nCipher, which implements digital security measures such as encryption technology, is a public key authentication infrastructure (PKI) that is the key to cyber attack countermeasures in the development of digital applications such as the cloud and IoT (Internet of Things). ) Has been released. The report showed that the number of companies using PKI has increased rapidly worldwide in recent years, and the security trends in Japan among them. The survey was conducted on 2000 IT and IT security personnel in companies in 17 countries including France, Germany, Australia, and South Korea, in addition to Japan. The survey was conducted in January 2020. This is a time when the impact of the new coronavirus infection (COVID-19) on industry is still small. For this reason, Jiro Shindou, marketing director of Digital Security Solutions at Entrust, which owns nCipher, said about the survey results, "If you conduct the survey again in 2021 the following year, the surve...