New Gazer backdoor targets ministries and embassies around the world
Security researchers at ESET have discovered a new malware campaign that targets consular offices, ministries and embassies around the world in order to spy on governments and diplomatic activity.
Active since 2016, the campaign uses a backdoor called Gazer, which is believed to be the work of the Turla APT (advanced persistent threat) group, previously linked to Russian espionage.
Gazer is written in C++. It is delivered through phishing emails and takes over the target computer in two steps:
- The malware first drops the Skipper backdoor, which has also been linked to Turla in the past.
- It then installs the Gazer components.
[Figure: How the Gazer backdoor operates]
In previous espionage campaigns, the Turla group used the Carbon and Kazuar backdoors as second-stage malware. According to research published by ESET ( https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf ), these backdoors also share many similarities with Gazer.
Gazer receives encrypted commands from a remote C&C server and avoids detection by using compromised legitimate websites as proxies (most of these sites run the WordPress CMS). Instead of using the Windows Crypto API, Gazer uses 3DES and RSA encryption libraries to encrypt data before sending it to the C&C server. This is a familiar tactic of the Turla APT group.
Gazer uses code injection to take control of the computer and to stay hidden for a long time while it steals information. It can also forward commands received by one infected endpoint to another infected device on the same network.
So far ESET researchers have discovered four variants of Gazer, used mainly to spy on political targets in Southeastern Europe and the former Soviet bloc. Interestingly, earlier versions of Gazer were signed with a certificate issued by Comodo for Solid Loop Ltd, while the latest version is signed with an SSL certificate issued to Ultimate Computer Support Ltd.
According to the researchers, Gazer has been used to infect many computers around the world, mainly in Europe. Kaspersky Lab has also published similar details about Gazer, but calls the APT campaign 'Whitebear' (White Bear): https://securelist.com/introducing-whitebear/81638/