Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » New Hawkball backdoor attacks government sector in Central Asia

New Hawkball backdoor attacks government sector in Central Asia

A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs.

Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author and malware researcher Swapnil Patil. These include surveying the host and collecting victim information; delivering additional payloads; creating a named pipe to execute native Windows commands; terminating processes; creating, deleting and uploading files; and enumerating drives.

To deliver the backdoor, the attackers used a malicious decoy file that purports to come from anti-terrorist organization with a focus on the post-Soviet republics making up the Commonwealth of Independent States. The decoy document’s title is roughly translated from Russian to English as “Collection of the Guiding Composition of Anti-terroristic Security Units and Special Services of the CIS States.”

Benjamin Read, senior manager of cyber espionage analysis, said FireEye researchers believe the malicious file was likely used in February 2019. “We don’t have specific insight into the entity targeted, but assessed that the lure content would be appealing to a government.” said Read.

Opening the malicious file commences an infection chain that delivers the payload via two previously patched Microsoft Office memory corruption vulnerabilities – CVE-2017-11882 (found in Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1 and Microsoft Office 2016 ) and CVE-2018-0802 (found in the Equation Editor in Microsoft Office 2007, 2010, 2013 and 2016).

Hawkball communicates with a hard-coded C2 server over HTTP, exfiltrating the victim’s information, including the computer name, user name, IP address, OEM page, OS version, architecture details and more. It also performs at least two techniques to check if it is being debugged

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Juniper Firewall
Cisco Firewall
Checkpoint Firewall
paloalto Firewall
Fortinet Firewall
Forcepoint Firewall

 

Sophos Firewall
WatchGuard Firewall
Barracuda Firewall
Sonicwall Firewall
GajShield Firewall
Seqrite Firewall

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket

Firewall Firm is a Managed Firewall Security Solution Provider Company in India | Digital Marketing by SEO Company India | Powered by IT Monteur