US Department of Justice Hacked

This week, we hear the latest on the US Department of Justice hack and the emergence of the T9000 malware that targets Skype users.

Breach

US Department of Justice (DOJ) Hacked

An unnamed hacker has claimed to have stolen approximately 200GB of sensitive credentials from the DOJ and the FBI, including emails, phone numbers, names, job titles, and addresses. According to Motherboard, the hacker compromised the email account of a DOJ employee and used that account to gain virtual access to the employee’s work computer. The hacker released the details of 9,000 Department of Homeland Security employees on Monday, February 8, through a Twitter account carrying pro-Palestinian messages. The Twitter account claims that the details of another 20,000 FBI employees will be released next, and the Justice Department is currently investigating this “unauthorized access.”

References: Hacker Plans to Dump Alleged Details of 20,000 FBI, 9,000 DHS Employees | Feds Probe Apparent Breach of FBI, DHS Worker Data | US Department of Justice Hacked: 9,000 DHS Employees Exposed, FBI To Be Next

Mitigation Strategies:

Malware

New T9000 malware targets Skype users

Palo Alto Networks has discovered a new and more sophisticated variant of the older T5000 malware, which it has dubbed T9000. This new malware can infect a user’s computer and is capable of stealing files, taking screengrabs, and recording audio, video, and text conversations on Skype. T9000 features a multi-stage installation process that checks for the presence of malware analysis tools, making it much harder to detect than its predecessor. Another piece of added complexity is that T9000 is versatile enough to be used against any target the attacker wants to compromise, from individuals to larger organizations. Microsoft has taken notice of this new piece of malware and has released security updates to protect customers from T9000.

References: T9000 Backdoor Malware Targets Skype Users, Records Conversations | T9000 Skype Backdoor Malware Steals Audio, Video, Chats, Screenshots, Documents | T9000 Backdoor, A Sophisticated Malware That Spies on Skype Users

Mitigation Strategies:

Top 20 IP Addresses


*IP addresses provided by Recorded Future.