Hawkball: New backdoor looking for victims in central Asia

A backdoor is a method of bypassing normal authentication or encryption on a computer system or product. A backdoor can be used to access passwords, erase data on hard drives, or transfer information to the cloud.

According to FireEye Labs, a recently discovered backdoor named Hawkball, found in a campaign, appears to be targeting Russian-speaking government members in central Asia.

In essence, it gets into the system and then brings in malware. At that point the investigation of the system is carried out and the victims' information is collected.

Backdoor Hawkball

To deliver the backdoor, the attackers used a malicious file that appears to come from a counter-terrorism organization centered on the post-Soviet republics that make up the Commonwealth of Independent States. The name of this document translates roughly from Russian into English as "Collection of the guiding composition of the anti-terrorist security units and the special services of the CIS (Commonwealth of Independent States) States".

FireEye analyst Benjamin Read said that although they cannot be sure who Hawkball is targeting, they think the target is a government.

Opening the malicious file starts a chain that delivers the virus through two previously patched Microsoft Office vulnerabilities: CVE-2017-11882 (found in Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1 and Microsoft Office 2016) and CVE-2018-0802 (found in the equation editor of Microsoft Office 2007, 2010, 2013 and 2016).

Hawkball communicates with a hard-coded C2 server over HTTP, sending out the victim's information, including the computer name, user name, IP address, OEM page, operating system version, architecture details, etc. It also uses at least two techniques to check whether a scan is being performed.
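Because both vulnerabilities sit in the Office equation editor, one practical check is to watch what that process (EQNEDT32.EXE) does after a document is opened: it has no normal reason to start other programs or open network connections. The sketch below is an added example, not code from FireEye or SecNews; it assumes process and network events exported as JSON lines with Sysmon-style field names, and every sample event in it is constructed.

```python
import json
import ntpath

# Constructed sample events using Sysmon-style field names, one JSON object per line.
# None of these values come from the FireEye report; 203.0.113.x are documentation addresses.
SAMPLE_EVENTS = r'''
{"EventID": 1, "Image": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 1, "Image": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "ParentImage": "C:\\Windows\\System32\\svchost.exe"}
{"EventID": 1, "Image": "C:\\Users\\Public\\sample.exe", "ParentImage": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE"}
{"EventID": 3, "Image": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "DestinationIp": "203.0.113.10", "DestinationPort": 80}
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "203.0.113.20", "DestinationPort": 443}
'''

EQUATION_EDITOR = "eqnedt32.exe"


def image_name(path):
    """Return the lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()


def find_equation_editor_activity(text):
    """Flag events where the equation editor spawns a process or opens a connection.

    Returns a list of (line_number, kind, detail) tuples.
    """
    findings = []
    for number, line in enumerate(text.strip().splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        if not isinstance(event, dict):
            continue
        event_id = event.get("EventID")
        # Event ID 1 = process creation: anything started by the equation editor is suspect.
        if event_id == 1 and image_name(event.get("ParentImage")) == EQUATION_EDITOR:
            findings.append((number, "child_process", event.get("Image")))
        # Event ID 3 = network connection: the equation editor should not talk to the network.
        elif event_id == 3 and image_name(event.get("Image")) == EQUATION_EDITOR:
            target = f'{event.get("DestinationIp")}:{event.get("DestinationPort")}'
            findings.append((number, "network_connection", target))
    return findings


if __name__ == "__main__":
    for finding in find_equation_editor_activity(SAMPLE_EVENTS):
        print(finding)
```

The equation editor starting on its own (line 2 of the sample) is not flagged, since that also happens when a legitimate document with an embedded equation is opened.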

The author allows you to copy this text only if you credit the source (SecNews.gr) with a web address (live URL) of the article.