Monday, February 22, 05:24
Home security Solaris zero day: Hacking group attacks corporate networks

Solaris zero day: Hacking group attacks corporate networks

According to Mandiant, a Hacking group known as UNC1945, used a vulnerability zero day in the operating system Oracle Solaris to perform attacks in corporate networks.

Solaris

UNC1945 usually selected targets in the telecommunications, financial and consulting sectors, as Mandiant stated in a exhibition her.

While the UNC1945 team has been active since 2018, Mandiant says it caught the eye earlier this year when it launched a new zero day at Oracle Solaris.

Known as CVE-2020-14871, the zero-day was located at Solaris Pluggable Authentication Module (PAM) which allowed UNC1945 to bypass authentication procedures and install one backdoor with the name SLAPSTICK on Solaris servers exposed to Internet.

The Hacking group then used this backdoor as an entry point to start corporate reconnaissance operations and move sideways to other systems.

To avoid detection, the team downloaded and installed a virtual machine QEMU running a version of it Tiny Core Linux OS.

cybersecurity-privacy protection-Australia

This custom Linux VM comes pre-installed with various tools hacking such as network scanners, password trackers, and authentication tools, which allowed UNC1945 to scan a company's internal network for vulnerabilities and move sideways across multiple systems, regardless of whether they were running Windows or Systems based on * NIX.

Mandiant said it reported zero day to Oracle earlier this year after discovering signs of exploitation during an investigation.

The bug was fixed last month with Oracle October 2020 security updates.

Mandiant said that while UNC1945 has been active for several years, it spotted Solaris zero day when a confirmed infringement. However, this does not mean that the zero day vulnerability was not exploited by other corporate networks.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...