Xitan Laboratory report with analytics on five backdoors

CarderPlanet

Following Qihoo 360, researchers at the Chinese Xitan Laboratory are continuing a coordinated stream of large-scale leaks on the Americans, breaking the Western infosec paradigm in which evil totalitarian hackers are necessarily attributed only to Russia, China, Iran and North Korea.

A new wave of criticism, following the sharp statement by the Ministry of State Security of the People's Republic of China exposing American cyber operations, was triggered by a Xitan Laboratory report analysing five backdoors that the US NSA used to hack Northwestern Polytechnical University in Xi'an in June of last year.

The new findings are based on a study of the analysis in the reports of the National Computer Virus Emergency Response Center and 360 Security Company, combined with foreign research reports on American APTs.

As a result, their arsenal was revealed, which includes such backdoors as NOPEN (for peripheral devices and Linux systems), FireJet (for Windows hosts), SecondDate (carries out MITM attacks from the vantage point of network equipment), CunningHeretic (for persistence) and StoicSurgeon (used together with NOPEN to implement various hiding functions).

The first of these is deployed by the US NSA through various vulnerabilities to control edge devices and network equipment running Unix/Linux systems, including FreeBSD, SunOS, HP-UX, Solaris, Linux and others.

SecondDate is one of the most important tools in these attacks and is usually used in conjunction with FoxAcid. The malware typically resides for long periods on gateway servers, edge routers and firewall devices.

FuryJet is a remote-control Trojan with a graphical interface that can generate more than 20 types of payload and has effective anti-analysis and anti-debugging functions. It can be combined with EternalBlue, EternalRomance, DoublePulsar and other Windows exploits from the Equation Group toolkit to conduct attacks.

CunningHeretic is a simple backdoor-implanting tool that deletes itself after launch. It performs privilege escalation, can hide on the target device for a long time and starts automatically with the system. It is mainly used for persistence.

The last of these is an advanced rootkit backdoor for four OS types, Linux, Solaris, JunOS and FreeBSD, which can be used in conjunction with the Dewdrop module. It is mainly used to hide NOPEN's files and processes to avoid detection.

In their report, the Chinese also gave some technical specifications for all of these tools and promised to provide further details of the American espionage arsenal, as well as of related incidents.

The Americans, in turn, returned the favour and rolled out their own findings. But more on that later.