Russian Hackers Penetrate Democratic National Committee

This week we hear about Russian hackers penetrating the Democratic National Committee and how version 2 of the Vawtrak malware was discovered.

Breach

Russian Hackers Penetrate Democratic National Committee

According to committee officials and security experts, the Democratic National Committee (DNC) was penetrated by hacking groups linked to the Russian government. For the past year, the Sofacy and MiniDuke APT groups, which are known to be affiliated with Russian intelligence agencies, have had access to emails, chats and the DNC's research on Republican presidential nominee Donald Trump. The two groups worked independently and most likely did not know the other was after the same information; both used spear-phishing emails to penetrate the network.

DNC officials sought to reassure donors and other fundraisers that no sensitive financial information was disclosed and that the attacks were purely political in nature. With the stolen information, the Russian government has a better picture of the strengths and weaknesses of a potential next President of the United States.

References: DNC Hacked, Research on Trump Stolen | What Russia's DNC Hack Tells Us About Hillary Clinton's Private Email Server | Russian government hackers penetrated DNC, stole opposition research on Trump

Mitigation Strategies:

  • Mail filtering that scans incoming attachments and hyperlinks for malicious content would catch or flag the spear-phishing lures.
  • Network traffic analysis to detect data exfiltration.
  • IDS signatures to detect the intrusion and any subsequent data leakage.
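The first mitigation above, mail filtering, is easy to illustrate. The following is an added example, not code from the newsletter or from any vendor it cites: it parses a constructed spear-phishing message, extracts every hyperlink from the HTML body, and flags links whose visible text names one host while the href points at another, links whose host is a bare IP literal, and attachments with executable extensions. The sender, hosts, filename and the "risky extension" list are all assumptions made for the example.

```python
"""Added example (not from the original newsletter): a minimal mail-filter
triage of the kind listed under "Mitigation Strategies".  The sample
message below is constructed; its sender, hosts and filename are invented."""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as risky attachments (an assumption for this example).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".docm", ".xlsm", ".hta"}
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); sufficient for this illustration."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def scan_links(html):
    """Return (reason, href) findings for suspicious hyperlinks in an HTML body."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if IP_LITERAL_RE.match(host):
            findings.append(("ip-literal-link", href))
        shown = HOST_RE.search(text)
        # Display text looks like a hostname but the href goes somewhere else.
        if shown and registered_domain(shown.group(1)) != registered_domain(host):
            findings.append(("display-href-mismatch", href))
    return findings


def scan_attachments(msg):
    """Flag attachments whose filename carries an executable extension."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))
    return findings


def triage(raw_message):
    """Run both checks over a raw RFC 5322 message and return all findings."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += scan_links(body.get_content())
    findings += scan_attachments(msg)
    return findings


def build_sample():
    """Constructed spear-phishing message for this example (not a real lure)."""
    msg = EmailMessage()
    msg["From"] = "it-support@example.org"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Password expiry notice"
    msg.set_content("Your password expires today.")
    msg.add_alternative(
        '<p>Please sign in at <a href="http://198.51.100.7/login">'
        'mail.example.org</a> to keep your account active.</p>'
        '<p>Or read the attached <a href="http://example.org/policy">policy</a>.</p>',
        subtype="html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="Invoice.scr")
    return msg.as_bytes()


SAMPLE = build_sample()

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason}: {detail}")
```

The mismatch check compares only the registered domain, so a legitimate link from `www.example.org` to `login.example.org` is not flagged; a filter that wanted to be stricter would compare full hosts and consult an allow-list of the organization's own domains.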

Malware

Vawtrak Banking Trojan v2 Discovered

Researchers at SophosLabs have discovered a new variant of the Vawtrak banking Trojan attacking banks in countries not previously known to be targeted. Vawtrak is available for rent on the dark web as Malware-as-a-Service and has been used against banking institutions in the US, the UK, and many other European and Asian countries. Besides targeting additional countries, Vawtrak has gained capabilities thanks to its modular architecture, which lets its creators add features after the Trojan is installed on a user's computer.

Because of heavier obfuscation and changes to the Trojan's encryption, researchers are having trouble reverse-engineering the malware, and it has even broken tools they have relied on. The Trojan remains in active use: its developers keep engineering new versions for a very active customer base.

References: Vawtrak malware updated to break tools used by researchers | Vawtrack Banking Trojan Is Alive and Well, v2 Recently Discovered | Vawtrak Banking Malware Gets Stronger

Mitigation Strategies:

Top 20 IP Addresses

  • 46.109.168.179
  • 118.170.130.207
  • 81.183.56.217
  • 188.118.2.26
  • 80.82.65.219
  • 94.242.255.196
  • 173.254.236.30
  • 93.174.93.94
  • 114.44.192.128
  • 87.222.67.194
  • 188.165.157.176
  • 103.55.25.75
  • 93.190.143.42
  • 93.190.143.55
  • 114.215.155.227
  • 58.185.36.27
  • 114.35.148.9
  • 192.185.77.66
  • 121.18.238.11
  • 212.217.54.61

*IP addresses provided by Recorded Future.
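A list of addresses like the one above is only useful once it is run against traffic. The following is an added example, not part of the newsletter and not Recorded Future's tooling: it parses the twenty addresses printed above into a blocklist and scans constructed outbound-connection log lines for two things, connections to a listed address and unusually large outbound volume to a single destination (the "network traffic analysis to detect data exfiltration" mitigation from the DNC section). The log format (timestamp, source, destination, port, bytes out), the internal hosts, the unlisted address 203.0.113.9 and the one-megabyte threshold are all assumptions made for the example.

```python
"""Added example (not from the original newsletter): match the newsletter's
IP list against outbound connection logs and flag high-volume destinations.
The log lines and the five-field log format are constructed for this example."""
import ipaddress
from collections import defaultdict

# The twenty addresses printed in the newsletter, copied verbatim.
BLOCKLIST_TEXT = """
46.109.168.179 118.170.130.207
81.183.56.217 188.118.2.26
80.82.65.219 94.242.255.196
173.254.236.30 93.174.93.94
114.44.192.128 87.222.67.194
188.165.157.176 103.55.25.75
93.190.143.42 93.190.143.55
114.215.155.227 58.185.36.27
114.35.148.9 192.185.77.66
121.18.238.11 212.217.54.61
"""

# Constructed log: "<timestamp> <src> <dst> <dst_port> <bytes_out>".
# 203.0.113.9 is documentation space and is NOT on the list; the last line
# is deliberately malformed to show that bad input is skipped, not fatal.
SAMPLE_LOG = """\
2016-06-15T08:01:12Z 10.0.0.15 93.174.93.94 443 1204
2016-06-15T08:01:40Z 10.0.0.15 93.174.93.94 443 5120000
2016-06-15T08:02:03Z 10.0.0.21 203.0.113.9 443 850
2016-06-15T08:02:10Z 10.0.0.15 93.190.143.42 80 2200
2016-06-15T08:03:55Z 10.0.0.30 192.185.77.66 443 310
this line is not a log record
"""


def parse_blocklist(text):
    """Return the set of syntactically valid IPv4 addresses in a whitespace-separated list."""
    ips = set()
    for token in text.split():
        try:
            ips.add(str(ipaddress.IPv4Address(token)))
        except ipaddress.AddressValueError:
            continue  # ignore anything that is not an IPv4 address
    return ips


def analyse(log_text, blocklist, volume_threshold=1_000_000):
    """Scan log lines; return a list of alert dicts.

    Two alert kinds are produced:
      blocklisted-destination  - a connection to an address on the list
      high-outbound-volume     - one src/dst pair sent >= volume_threshold bytes
    """
    alerts = []
    bytes_per_pair = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed record
        ts, src, dst, port, nbytes = fields
        try:
            nbytes = int(nbytes)
        except ValueError:
            continue
        bytes_per_pair[(src, dst)] += nbytes
        if dst in blocklist:
            alerts.append({"reason": "blocklisted-destination", "time": ts,
                           "src": src, "dst": dst, "port": int(port)})
    for (src, dst), total in bytes_per_pair.items():
        if total >= volume_threshold:
            alerts.append({"reason": "high-outbound-volume", "src": src,
                           "dst": dst, "bytes": total})
    return alerts


BLOCKLIST = parse_blocklist(BLOCKLIST_TEXT)

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG, BLOCKLIST):
        print(alert)
```

The volume heuristic is aggregated per source/destination pair rather than per line, because exfiltration over HTTPS typically shows up as many modest requests to one host rather than a single huge transfer; the threshold should be tuned to what is normal on the network being monitored.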