Bellevue Website Hacked & Malware Targets Linux Systems

This week, the Alert Logic team highlights the City of Bellevue website hack and malware targeting Linux systems. Read the full report to learn more and get access to the week's top malicious IP addresses.

Breach

City of Bellevue Website Hacked

The City of Bellevue's website was hacked on July 3 by a group claiming to support the Islamic State terrorist group. The city's homepage at Bellevue.net was replaced with a message reading "Hacked By Team System Dz" and "I Love Islamic state."

City officials say their web hosting provider is investigating the hack, and the message has since been removed.

References: Website of Bellevue City Hacked | Bellevue City Website Hacked | City of Bellevue Website Hacked by Pro-ISIS Group

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect the intrusion and related network anomalies.
  • A Security Operations Center team provides 24x7 security monitoring and daily log review.
  • Web application firewall management and advanced anomaly detection would flag the requests used to compromise the site.
  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition, such as a replaced homepage.
  • Log management could detect any suspicious user account activity.

Malware

Malware Targeting Linux Systems

WikiLeaks has published a new leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating system.

Dubbed OutlawCountry, the project allows CIA operators to redirect all outbound network traffic on the targeted computer to CIA-controlled systems in order to exfiltrate and infiltrate data. According to the leaked documentation, the tool is a Linux kernel module that creates a hidden netfilter table, so that packet-redirection rules can be added without appearing in the system's normal firewall configuration.

References: Linux Malware: Leak Exposes CIA's OutlawCountry Hacking Toolkit | WikiLeaks Reveals CIA Targeting Linux Users with OutlawCountry Malware | Leaked “Malware” OutlawCountry Review

Mitigation Strategies:

  • A file integrity monitoring (FIM) solution would detect any type of file modification or addition, including a newly dropped kernel module.
  • Intrusion detection system (IDS) signatures would detect the intrusion and network anomalies such as traffic being redirected to an unexpected destination.
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity and collect system logs of USB activity.
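Both mitigation lists above rely on file integrity monitoring to catch a replaced homepage (the Bellevue defacement) or a newly added file (the OutlawCountry kernel module). The following is an added example, not code from Alert Logic or from the original report, showing the core of how a FIM check works: take a hashed baseline of a directory, take a second snapshot later, and report what was modified, added or removed. The web root, its files and the "defacement" applied to it are constructed inside a temporary directory for the demo; the names are assumptions, not Bellevue's real files.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to its digest.

    Symlinks are skipped so an attacker cannot point a link at a large or
    special file and stall the monitor; only regular files are hashed.
    """
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            rel = full.relative_to(root).as_posix()
            baseline[rel] = hash_file(full)
    return baseline


def compare(baseline, current):
    """Classify differences between two snapshots of the same tree."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in baseline if p in current and baseline[p] != current[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario (not real data): baseline a web root, then deface it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Welcome to the City</h1>\n")
        (root / "css").mkdir()
        (root / "css" / "site.css").write_text("body { color: black; }\n")
        before = build_baseline(root)

        # Simulate what a FIM alert would see: the homepage replaced with a
        # defacement message and one unexpected file added to the tree.
        (root / "index.html").write_text("<h1>Hacked</h1>\n")
        (root / "uploaded.txt").write_text("unexpected\n")
        after = build_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be stored off-host (an attacker with write access to the web root can also rewrite a baseline kept beside it) and the comparison run on a schedule or triggered by inotify events; the classification logic is the same.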

This Week's Suspicious IP Addresses

212.83.151.223 221.194.44.212
103.207.37.34 116.31.116.47
103.207.37.239 58.218.200.8

*IP addresses provided by Recorded Future.
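The practical use of the list above is to sweep existing logs for the indicators. The following is an added example, not part of the original report and not Alert Logic's or Recorded Future's tooling, that extracts IPv4 addresses from log lines, validates them, and reports every line that contains one of this week's six addresses. The sample log lines are constructed for the demo and do not represent real traffic; the log formats (Apache combined access log and syslog-style sshd lines) are assumptions.

```python
import ipaddress
import re

# The six indicators from this week's list, copied verbatim from the report.
SUSPICIOUS_IPS = {
    "212.83.151.223", "221.194.44.212",
    "103.207.37.34", "116.31.116.47",
    "103.207.37.239", "58.218.200.8",
}

# Loose pattern; candidates are validated with ipaddress so that strings
# such as "999.1.1.1" or version numbers like "1.2.3.4000" are not matched.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ips(line):
    """Return every syntactically valid IPv4 address found in a log line."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            ipaddress.IPv4Address(token)
        except ValueError:
            continue
        found.append(token)
    return found


def match_log(lines, indicators=SUSPICIOUS_IPS):
    """Return (line_number, ip, line) for each line that contains an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in extract_ips(line):
            if ip in indicators:
                hits.append((n, ip, line.rstrip()))
    return hits


def summarize(hits):
    """Count hits per indicator so an analyst can see which IPs actually appeared."""
    counts = {}
    for _n, ip, _line in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


# Constructed sample lines for the demo (Apache combined log and sshd syslog
# style). Two of them contain addresses from this week's list.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Jul/2017:08:12:01 +0000] "GET /index.html HTTP/1.1" 200 5123',
    '221.194.44.212 - - [03/Jul/2017:08:12:07 +0000] "POST /wp-login.php HTTP/1.1" 200 1843',
    'Jul  3 08:13:40 web1 sshd[2214]: Failed password for root from 116.31.116.47 port 51234 ssh2',
    '192.168.1.20 - - [03/Jul/2017:08:14:00 +0000] "GET /css/site.css HTTP/1.1" 200 420',
    'Jul  3 08:15:02 web1 sshd[2231]: Accepted publickey for deploy from 10.0.0.9 port 40022 ssh2',
]


if __name__ == "__main__":
    for n, ip, line in match_log(SAMPLE_LOG):
        print(f"line {n}: {ip} -> {line}")
    print(summarize(match_log(SAMPLE_LOG)))
```

To run this against real data, replace SAMPLE_LOG with an iterator over the file (for example `match_log(open("/var/log/apache2/access.log"))`); the matcher is format-agnostic because it only looks for the address tokens, so the same function covers web, SSH and firewall logs.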