CryptoBudha
    Iranian Hackers Installed Crypto Miner in Federal Agency After Exploiting Unpatched Log4Shell Vulnerability

    By admin, November 26, 2022

    The Cybersecurity and Infrastructure Security Agency (CISA) said Iranian hackers compromised a federal agency that had failed to patch the Log4Shell vulnerability and deployed a crypto miner there. The Log4Shell vulnerability (CVE-2021-44228) is a critical remote code execution flaw in Apache’s Log4j logging library, popular with Java developers.

    The breach occurred as early as February 2022 and affected an unnamed Federal Civilian Executive Branch (FCEB) agency. However, the Washington Post identified the compromised federal agency as the United States Merit System Protection Commission, according to people familiar with the case.

    Iranian Hackers Install XMRig Crypto Miner in Federal System

    CISA discovered the intrusion in April during a network-wide analysis using the Einstein intrusion detection system. The security agency found “two-way traffic between a network and a known malicious IP address associated with exploiting the Log4Shell vulnerability.”

    CISA then conducted an “incident response operation” from mid-June to mid-July 2022 and discovered “suspicious advanced and persistent threat activity.”

    Once inside, the Iranian hackers deployed the open-source XMRig crypto miner, which is popular with hackers for earning virtual currency using the victim’s computing resources. CISA’s analysis identified several files associated with the XMRig crypto miner, including WinRing0x64.sys, the XMRig Miner driver, and the crypto miner service wacltservice.exe.

    The response team also identified another file, RuntimeBroker.exe, associated with a cryptominer that could create local user accounts and check internet connectivity.

    “A cyberthreat actor exploited the Log4Shell vulnerability in the XMRig crypto-mining software installed on an unpatched VMware Horizon Server to laterally move to a domain controller (DC) and exfiltrate credentials. We compromised and implanted Ngrok reverse proxies on multiple hosts to maintain persistence,” the report notes.

    The Iranian hackers also changed the passwords of local administrator accounts on multiple hosts as a backup access method in case their access to compromised systems was suspended. Additionally, they attempted to use Windows Task Manager to dump the Local Security Authority Subsystem Service (LSASS) process, which was blocked by antivirus software. According to Microsoft, attackers target LSASS because it stores passwords for both local and domain administrators. As such, legitimate tools like PsExec and Windows Management Instrumentation (WMI) can be used to dump credentials without raising suspicion.
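
    A triage sketch for the host artifacts described above (an added example, not code from CISA's report or from the original article): it scans event records for the file names the article lists, Ngrok binaries, local account creation and password resets, then ranks hosts by how many of these behaviours they show. The record layout, host names, file paths and the rule that the genuine RuntimeBroker.exe runs from C:\Windows\System32 are assumptions of this example.

```python
import ntpath
from collections import defaultdict

# File names the article ties to the miner (from the page, lower-cased).
MINER_FILES = {"winring0x64.sys", "wacltservice.exe"}
# Assumption: the genuine Windows RuntimeBroker.exe runs from System32.
SYSTEM32 = r"c:\windows\system32"
# Security-log IDs: 4720 = account created, 4724 = password reset attempt.
ACCOUNT_EVENTS = {4720: "local-account-created", 4724: "password-reset"}

# Constructed sample records; the field layout and host names are hypothetical.
EVENTS = [
    {"host": "HZN01", "log": "Security", "id": 4688, "path": r"C:\Windows\System32\RuntimeBroker.exe"},
    {"host": "HZN01", "log": "Sysmon", "id": 11, "path": r"C:\Windows\Temp\WinRing0x64.sys"},
    {"host": "HZN01", "log": "Security", "id": 4688, "path": r"C:\Windows\Temp\wacltservice.exe"},
    {"host": "HZN01", "log": "Security", "id": 4688, "path": r"C:\Users\Public\RuntimeBroker.exe"},
    {"host": "HZN01", "log": "Security", "id": 4720, "target": "svc_helper"},
    {"host": "DC01", "log": "Security", "id": 4688, "path": r"C:\ProgramData\ngrok.exe"},
    {"host": "DC01", "log": "Security", "id": 4724, "target": "Administrator"},
    {"host": "WS07", "log": "Security", "id": 4724, "target": "jdoe"},
    {"host": "WS09", "log": "Security", "id": 4688, "path": r"C:\Windows\System32\svchost.exe"},
]

def classify(event):
    """Return a finding label for one record, or None if it is unremarkable."""
    if event["log"] == "Security" and event["id"] in ACCOUNT_EVENTS:
        return ACCOUNT_EVENTS[event["id"]]
    # Process start (Security 4688) and file creation (Sysmon 11) carry a path.
    path = event.get("path", "").lower()
    name, folder = ntpath.basename(path), ntpath.dirname(path)
    if name in MINER_FILES:
        return "miner-file"
    if name == "runtimebroker.exe" and folder != SYSTEM32:
        return "runtimebroker-outside-system32"
    if name.startswith("ngrok"):
        return "ngrok-binary"
    return None

def triage(events):
    """Group distinct finding labels by host."""
    findings = defaultdict(set)
    for event in events:
        label = classify(event)
        if label:
            findings[event["host"]].add(label)
    return {host: sorted(labels) for host, labels in findings.items()}

def priority_hosts(events, threshold=2):
    """Hosts showing at least `threshold` different behaviours from the report."""
    return sorted(h for h, labels in triage(events).items() if len(labels) >= threshold)
```

    A single password reset on one workstation stays below the threshold, while a host that combines several of the reported behaviours is surfaced first.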

    Although the Iranian hackers installed a cryptocurrency miner, earning cryptocurrency may have been secondary to a cyber espionage campaign. Christopher Hallenbeck, Chief Information Security Officer, Americas at Tanium, said: “Nation-state attackers may engage in financially motivated hacking as a way to strengthen operations and preserve funds, especially in the face of economic uncertainty and other financial sanctions.”

    “North Korean hackers have been previously reported to be involved in large-scale money theft, so reports of Iranian government-backed hackers doing the same are not surprising,” Hallenbeck said.

    Mike Parkin, Senior Technical Engineer at Vulcan Cyber, considers the deployment of cryptominers to be an added bonus and a disguise for criminal activity.

    “The real question when targeting crypto-mining malware is why not? It is not uncommon for nation-states and state-sponsored threat actors to behave like common cybercriminal groups. It can help obfuscate the source of threats and at the same time generate extra cash from criminal activity.”

    Similarly, Karl Steinkamp, Director of Delivery Transformation and Automation at Coalfire, said that installing cryptominers is not uncommon for nation-state attackers.

    “It is not uncommon for malicious individuals/groups to bundle XMRig, a flexible and lightweight cryptocurrency miner, with other exploits and persistent threat mechanisms.”

    Iranian hackers exploit unpatched Log4Shell vulnerability in VMware Horizon servers

    According to a joint advisory by CISA and the FBI, hackers suspected of being backed by the Iranian government exploited an unpatched Log4Shell vulnerability in the logging library affecting VMware’s Horizon server.

    VMware released a patch for the Log4Shell vulnerability in December 2021, while the Log4j maintainers also patched their systems in the same month. In addition, CISA directed all federal civilian agencies to patch their systems by Dec. 23, and released tools to help organizations detect the Log4Shell vulnerability in their systems.

    Security experts believe the Log4Shell vulnerability will be abused for years. According to CISA, any organization that has not patched the vulnerability should be considered compromised.


    “When Log4Shell was first announced, most security experts believed this was a long-standing problem given the number of places vulnerable software was embedded and the difficulty of identifying its existence. I knew it was going to happen,” said Hallenbeck. “We expect to continue to see reports like this exploiting unknown vulnerabilities hidden not only in Log4Shell, but also in the Software Bill Of Materials (SBOM). , moving forward with plans to require that an SBOM be created for all software deployed on federal systems.”
