Cybersecurity researchers have discovered a new campaign in which hackers used two different attack frameworks and a backdoor that were developed by the NSA to spy on organizations in Russia, Iran, and Egypt.
The tools were leaked in March 2017 by the Shadow Brokers, a Russian intelligence hacker group, which claimed to have stolen them from the US spy agency NSA.
The famous tools are:
DanderSpritz — a framework of multiple plugins that gather intelligence, run exploits and examine already controlled machines.
FuzzBunch — a framework that lets different utilities interact and work together, using various plugins to spy on victims, exploit vulnerabilities and schedule tasks.
DarkPulsar — a backdoor that ties the two frameworks above together: FuzzBunch is used in this case to exploit vulnerabilities and gain remote access to a targeted system, and DanderSpritz is then used to observe the victim and exfiltrate data.
Remember that everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
After running a malware analysis on them, cybersecurity researchers found that the FuzzBunch and DanderSpritz frameworks were designed to be flexible, so that their functionality could be extended and they could work with other tools. Each is formed from a set of plugins designed for different tasks: FuzzBunch plugins are responsible for reconnaissance and attacking a victim, while plugins in the DanderSpritz framework are developed for managing already infected victims.
The DarkPulsar backdoor gave researchers a much better understanding of its role as a bridge between the two leaked frameworks, and of how all three are part of the same attack platform designed for long-term compromise.
Researchers say that the implementation of these capabilities, such as encapsulating its traffic inside legitimate protocols and bypassing credential entry to pass authentication, represents highly professional work.
The ongoing campaign has already claimed around 50 victims in Russia, Iran, and Egypt. The affected companies were linked to nuclear energy, telecoms, IT, aerospace and R&D.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.