Breach
US Department of Justice (DOJ) Hacked
An unnamed hacker claims to have stolen approximately 200GB of sensitive credentials from the DOJ and the FBI, including emails, phone numbers, names, job titles, and addresses. According to Motherboard, the hacker compromised the email account of a DOJ employee and used that account to gain remote access to the employee's work computer. On Monday, February 8, the hacker released the details of 9,000 Department of Homeland Security employees through a Twitter account carrying pro-Palestinian messages. The same account claims that the details of another 20,000 FBI employees will be released next. The Justice Department is currently investigating this "unauthorized access."
References: Hacker Plans to Dump Alleged Details of 20,000 FBI, 9,000 DHS Employees | US Department of Justice Hacked: 9,000 DHS Employees Exposed, FBI To Be Next
Mitigation Strategies:
- Log management to detect suspicious user account activity.
- Network traffic analysis to detect data exfiltration.
- 24×7 security monitoring to provide anomaly detection.
Malware
New T9000 malware targets Skype users
Palo Alto Networks has discovered a new, more sophisticated variant of the older T5000 malware, which it has dubbed T9000. The new malware can infect a user's computer and is capable of stealing files, taking screenshots, and recording audio, video, and text conversations on Skype. T9000 uses a multi-stage installation process that checks for the presence of malware analysis tools, making it much harder to detect than its predecessor. A further layer of complexity is that T9000 is versatile enough to be used against any target the attacker chooses, from individuals to larger organizations. Microsoft has taken notice of this new piece of malware and has released security updates to protect customers from T9000.
References: T9000 Backdoor Malware Targets Skype Users, Records Conversations | T9000 Skype Backdoor Malware Steals Audio, Video, Chats, Screenshots, Documents | T9000 Backdoor, A Sophisticated Malware That Spies on Skype Users
Mitigation Strategies:
- Network traffic analysis to detect data exfiltration.
- Intrusion detection system (IDS) signatures to detect intrusions and network anomalies.
- Log management to detect suspicious user account activity.
- 24×7 security monitoring to provide anomaly detection.
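As an added illustration of the "network traffic analysis to detect data exfiltration" item that appears in both mitigation lists above (example code written for this page, not from Recorded Future, Palo Alto Networks, or any source cited here), the following Python flags internal hosts whose outbound volume to external addresses is far above that of their peers, the pattern a 200GB pull from a single workstation or a T9000 file-theft session would produce. The flow records, internal address ranges, and thresholds are constructed assumptions.

```python
"""Flag hosts whose outbound traffic to external addresses is far above the norm."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed internal ranges; adjust to the monitored environment.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample flow log ("timestamp src dst bytes_out"), not real data.
# One workstation (10.1.4.22) pushes a large volume to an external host at 02:00.
SAMPLE_FLOWS = """\
2016-02-08T02:11:03Z 10.1.4.22 203.0.113.9 734003200
2016-02-08T02:14:40Z 10.1.4.22 203.0.113.9 891289600
2016-02-08T09:02:11Z 10.1.4.17 198.51.100.5 20480
2016-02-08T09:05:19Z 10.1.4.18 198.51.100.5 40960
2016-02-08T09:06:02Z 10.1.4.19 10.1.0.5 524288000
2016-02-08T09:30:44Z 10.1.4.20 198.51.100.7 30720
"""


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def outbound_bytes_per_host(log_text: str) -> dict:
    """Sum bytes each internal host sends to external destinations.
    Internal-to-internal flows (e.g. a backup to a file server) are ignored."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        _ts, src, dst, nbytes = line.split()
        if is_internal(src) and not is_internal(dst):
            totals[src] += int(nbytes)
    return dict(totals)


def flag_exfil_candidates(log_text: str, abs_threshold: int = 100 * 1024**2,
                          ratio: float = 10.0) -> list:
    """Return hosts whose external outbound volume exceeds both an absolute floor
    and a multiple of the median host's volume (a simple peer baseline)."""
    totals = outbound_bytes_per_host(log_text)
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(h for h, b in totals.items()
                  if b >= abs_threshold and b >= ratio * baseline)
```

The median-based baseline keeps one noisy host from masking itself; in production the baseline would be learned per host over days, and hits would be enriched with the user session and process from the endpoint logs.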
Top 20 IP Addresses
*IP addresses provided by Recorded Future.