Brother
A new modification of Decoy Dog helps hackers invisibly attack Linux systems.
The expert center Positive Technologies has discovered a new cyber group Hellhounds, which has already attacked at least 20 Russian companies and government agencies. Analysts note the high professionalism of attackers and the complexity of the tools they use.
In October of this year, the Positive Technologies incident investigation team discovered a compromise of a Russian energy company using a new modification of the Decoy Dog Trojan, which allows the attackers to gain control over infected nodes and to extend the attack within a compromised infrastructure. The attackers modified the malware, making detection and analysis more complex and adding an additional data exchange channel with the operator (attacker) through a new telemetry function.
The company noted that Decoy Dog is a complex Trojan, and its latest modification makes it almost invisible. It effectively disguises itself in the data stream, mimicking legitimate traffic, collects data of interest to the APT group and uploads it to a little-known social network based on the open Mastodon engine.
The tools and methods used by the hackers do not allow them to be attributed to any known group. In addition to the public sector and energy, they attacked companies in the areas of IT, space, construction, transport, telecom and others. The group's objectives are not yet clear, but at least one case of serious damage to a victim company is known.
According to Positive Technologies experts, one of the reasons for the success of this group's attacks is that companies very rarely use additional monitoring systems and antivirus programs on servers running Linux. They recommend paying more attention to protecting Linux-based infrastructure. The compromised nodes that were detected once again confirm the fallacy of the view that this OS is invulnerable and only negligibly exposed to attacks.