New Gazer backdoor targets ministries and embassies around the world
Security researchers at ESET have discovered a new piece of malware aimed at consular offices, ministries and embassies around the world, used to spy on governments and diplomatic activity.
Active since at least 2016, the campaign relies on a backdoor called Gazer, which is believed to be operated by the APT (advanced persistent threat) group Turla, previously linked to Russian espionage.
Gazer, written in C++, is a backdoor believed to be delivered through spear-phishing (fake) emails; it takes over the target computer in two stages:
- The first stage drops the Skipper backdoor, which has also been linked to Turla in the past.
- Skipper then installs the Gazer components.
Diagram of how the Gazer backdoor operates
In earlier espionage campaigns, the Turla group used the Carbon and Kazuar backdoors as its second-stage malware. According to the research published by ESET ( https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf ), those backdoors share many similarities with Gazer.
Gazer receives encrypted commands from a remote C&C server and evades detection by routing its traffic through legitimate websites that have been compromised and turned into proxies (most of these sites run the WordPress CMS). Instead of relying on the Windows Crypto API, Gazer embeds its own 3DES and RSA libraries to encrypt data before sending it to the C&C server, a tactic the Turla group is known for.
Gazer uses code injection to take control of the computer and stay hidden for long periods while stealing information. It can also forward commands received by one infected endpoint to other infected machines on the same network.
So far, ESET researchers have identified four variants of Gazer, used mainly for espionage against political targets in Southeastern Europe and the former Soviet Union. Notably, earlier versions of Gazer were signed with a code-signing certificate issued by Comodo to 'Solid Loop Ltd', while the latest version is signed with a certificate issued to 'Ultimate Computer Support Ltd'.
According to the researchers, Gazer has infected many computers around the world, mainly in Europe. Kaspersky Lab has also published details on the same malware, which it tracks under the name 'WhiteBear': https://securelist.com/introducing-whitebear/81638/
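The two signer names above are one of the few concrete indicators the article gives, so they are a natural starting point for a hunt. The following PowerShell script is an added example written for this page; it is not code from ESET, Kaspersky or the article. It walks a directory tree, reads the Authenticode signature of each executable and DLL, and flags files whose signing certificate was issued to either company named in the article. The scan root, report path and the substring match on the certificate Subject are assumptions chosen for illustration; a hit is a lead to triage, not proof that the file is Gazer.

```powershell
# Added hunting example (not from the ESET report or this article).
# Flags PE files whose Authenticode signing certificate was issued to a
# company name the article associates with Gazer samples.

param(
    # Assumption: scan user profiles by default; widen to system paths as needed.
    [string]$Root   = 'C:\Users',
    [string]$Report = '.\gazer-signer-hits.csv'
)

# Publisher names quoted in the article, matched as substrings of the
# certificate Subject (e.g. "CN=Solid Loop Ltd, O=Solid Loop Ltd, ...").
$suspectSigners = @('Solid Loop Ltd', 'Ultimate Computer Support Ltd')

$hits = Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($null -eq $sig.SignerCertificate) { return }   # unsigned file, nothing to compare
        $subject = $sig.SignerCertificate.Subject
        foreach ($name in $suspectSigners) {
            if ($subject -like "*$name*") {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Signer     = $subject
                    Issuer     = $sig.SignerCertificate.Issuer      # e.g. a Comodo CA for the early samples
                    Thumbprint = $sig.SignerCertificate.Thumbprint
                    # 'Valid' means the chain verified. A revoked or expired certificate
                    # will instead show e.g. 'NotTrusted' or 'UnknownError'; the file is
                    # still a hit because the Subject matched.
                    Status     = $sig.Status
                    SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
                break
            }
        }
    }

$hits | Format-Table -AutoSize
$hits | Export-Csv -Path $Report -NoTypeInformation
Write-Host "$(@($hits).Count) file(s) matched; details written to $Report"
```

Run it from an elevated PowerShell session so that protected directories are readable, and treat any match as a starting point: compare the SHA256 values against the hashes in the ESET paper and check the file's load path and persistence before drawing conclusions. The script deliberately keys on the signer name rather than on signature validity, because a revoked certificate no longer produces a 'Valid' status even though the binary it signed is unchanged.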