fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Chinese Hackers Use Windows zero-day To Attack Defense, IT Firms

Chinese Hackers Use Windows zero-day To Attack Defense, IT Firms

A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).

The malware, known as MysterySnail, was found by Kaspersky security researchers on multiple Microsoft Servers between late August and early September 2021.

They also found an elevation of privilege exploit targeting the Win32k driver security flaw tracked as CVE-2021-40449 and patched by Microsoft today, as part of this month’s Patch Tuesday.

“Besides finding the zero-day in the wild, we analyzed the malware payload used along with the zero-day exploit, and found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities,” Kaspersky researchers Boris Larin and Costin Raiu said.

Also Read: This Educator Aims to Make Good Cyber Hygiene a Household Practice

“Code similarity and re-use of C2 infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012.”

The Chinese-speaking IronHusky APT was first spotted by Kaspersky in 2017 while investigating a campaign targeting Russian and Mongolian government entities, aviation companies, and research institutes with the end goal of collecting intelligence on Russian-Mongolian military negotiations.

One year later, Kaspersky researchers observed them exploiting CVE-2017-11882 Microsoft Office memory corruption vulnerability to spread RATs typically used by Chinese-speaking groups, including PlugX and PoisonIvy.

Privilege escalation zero-day used to deploy RATs

The privilege escalation exploit used to deploy the MysterySnail RAT deployed in these attacks targets Windows client and server versions, from Windows 7 and Windows Server 2008 to the latest versions including Windows 11 and Windows Server 2022, unpatched against CVE-2021-40449.

While the zero-day exploit spotted by Kaspersky in the wild also supports targeting Windows client versions, it was only discovered on Windows Server systems.

The MysterySnail RAT is designed to collect and exfiltrate system information from compromised hosts before reaching out to its command-and-control server for further commands.

MysterySnail can perform various tasks on infected machines, ranging from spawning new processes and killing already running ones to launching interactive shells and launching a proxy server with support for up to 50 simultaneous connections.

Also Read: The 5 Phases of Penetration Testing You Should Know

“The malware itself is not very sophisticated and has functionality similar to many other remote shells,” the two researchers added.

“But it still somehow stands out, with a relatively large number of implemented commands and extra capabilities like monitoring for inserted disk drives and the ability to act as a proxy.”

Further technical details and indicators of compromise can be found in the report published by Kaspersky today.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us