Servers of The Left in German Bundestag have been infected with malware, apparently by a state-sponsored group of Russian origin. This is the summary of an analysis by an IT security researcher, which we publish in full. The in-depth report provides an analysis of technology, impact, possible attribution – and a signature to detect the malware.

This analysis of security researcher Claudio Guarnieri was originally written for The Left in German Bundestag. We’re publishing it here with permission from The Left. A German translation of this report also exists.

Two suspicious artifacts have been retrieved from two separate servers within the Die Linke infrastructure. One is an open source utility used to remotely issue commands on a Windows host from a Linux host. The other is a custom utility which, despite its large size, has limited functionality and acts as a tunnel, possibly used by the attackers to maintain persistence within the compromised network. The combination of the two utilities seems to be enough for the attackers to maintain a foothold inside the network, harvest data, and exfiltrate all the information they deemed interesting.