Global shipping giant Maersk is among a slew of companies across the globe that were hit by the Petya ransomware virus. The cyber attack was among the biggest-ever disruptions to hit global shipping. The computer virus, which researchers are calling GoldenEye or Petya, began its spread on June 27 in Ukraine and affected companies in dozens of countries. The virus, similar to the WannaCry virus that hit earlier this year, also hit global advertising house WPP and Ukrainian government systems.
The latest CIA documents released by WikiLeaks as part of the Vault 7 dump explain how a tool suite called Brutal Kangaroo can infect Windows machines on air-gapped networks by using USB drives. According to the documents, CIA agents can infiltrate a closed network within an organization or enterprise without direct access.
A Brutal Kangaroo infection requires multiple steps. Brutal Kangaroo uses four components to infect isolated computers and execute arbitrary code. These components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.
*IP addresses provided by Recorded Future.