Russian-Speaking Hacker Compromises and Gains Full Control of Government Network Systems

Hackers use a weaponized TeamViewer to gain full control of government networks.


Researchers have recently discovered another wave of cyber-attacks by a Russian-speaking hacker who weaponizes TeamViewer, the most popular tool for remote desktop control, desktop sharing, online meetings, web conferencing and file transfer between computers, to compromise and take control of government network systems.

This malicious campaign continuously abuses TeamViewer by adding a malicious TeamViewer DLL in order to deliver powerful malware that steals sensitive data and money from various governments as well as financial systems.

Based on the whole infection chain, the tools created and used in this attack, and the related underground activity, analysts believe the attack was led by a financially motivated Russian-speaking hacker.

The initial phase of the infection chain begins with a spam email with the subject "Military Financing Program" carrying a malicious XLSM document with embedded macros.

The well-crafted malicious document pretends to come from the U.S. Department of State and is marked "top secret" to persuade victims to open it. When a victim opens the decoy document and enables the macro, two files are extracted from hex-encoded cells in the XLSM document.



The first is a legitimate AutoHotkeyU32.exe program; the second is AutoHotkeyU32.ahk, an AHK script that communicates with the C&C server to download an additional script and execute it.

Using this technique, the attackers hide the TeamViewer interface from the user's view, save the current TeamViewer session credentials to a text file, and allow the transfer and execution of additional EXE or DLL files.
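To show how a defender might hunt for the two stages described above, here is an added example (not from the original post or the researchers) that runs two simple rules over constructed process telemetry: an Office process launching AutoHotkey with a .ahk script, and TeamViewer.exe loading a DLL from a user-writable directory. The log format, paths and file names are assumptions made up for this example.

```python
import ntpath

# Constructed sample telemetry in a simplified "EventType|Process|Target|Detail" format.
# For ProcessCreate, Process is the parent and Target the child; for ImageLoad, Process is
# the loading process and Target the DLL. Paths and user names are made up for this example.
SAMPLE_EVENTS = [
    "ProcessCreate|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|C:\\Users\\alice\\AppData\\Local\\Temp\\AutoHotkeyU32.exe|AutoHotkeyU32.exe AutoHotkeyU32.ahk",
    "ImageLoad|C:\\Users\\alice\\AppData\\Local\\Temp\\TeamViewer.exe"
    "|C:\\Users\\alice\\AppData\\Local\\Temp\\TV.dll|",
    "ImageLoad|C:\\Program Files\\TeamViewer\\TeamViewer.exe|C:\\Program Files\\TeamViewer\\TV.dll|",
    "ProcessCreate|C:\\Windows\\explorer.exe|C:\\Program Files\\AutoHotkey\\AutoHotkeyU32.exe"
    "|AutoHotkeyU32.exe backup.ahk",
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Directory markers that a normal TeamViewer install would never load its DLLs from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")


def parse_event(line):
    event_type, process, target, detail = line.split("|", 3)
    return {"type": event_type, "process": process, "target": target, "detail": detail}


def office_spawned_autohotkey(ev):
    """Stage 1: an Office process starting AutoHotkey with a .ahk script, as the macro does."""
    return (ev["type"] == "ProcessCreate"
            and ntpath.basename(ev["process"]).lower() in OFFICE_APPS
            and ntpath.basename(ev["target"]).lower().startswith("autohotkey")
            and ".ahk" in ev["detail"].lower())


def teamviewer_sideload(ev):
    """Stage 2: TeamViewer loading a DLL from a user-writable directory (a planted DLL)."""
    if ev["type"] != "ImageLoad" or ntpath.basename(ev["process"]).lower() != "teamviewer.exe":
        return False
    dll_dir = ntpath.dirname(ev["target"]).lower() + "\\"
    return any(marker in dll_dir for marker in USER_WRITABLE)


RULES = {"office_spawned_autohotkey": office_spawned_autohotkey,
         "teamviewer_sideload": teamviewer_sideload}


def triage(lines):
    """Return (rule_name, target_path) for every event that matches a rule."""
    hits = []
    for ev in map(parse_event, lines):
        hits.extend((name, ev["target"]) for name, rule in RULES.items() if rule(ev))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The legitimate AutoHotkey launch from explorer.exe and the DLL loaded from the real TeamViewer install directory produce no hits, so the rules key on the chain's parent/child and path relationships rather than on file names alone.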

Based on telemetry records, the attack is said to be targeting countries including Nepal, Guyana, Kenya, Italy, Liberia, Bermuda and Lebanon, hitting the public financial sector as well as government officials.
