Information Security News mailing list archives

Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 4 Oct 2019 09:14:50 +0000 (UTC)

https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec

By Kim Zetter
Vice.com
October 3, 2019

Nation-state spy agencies are only as good as their operational security—the care they take to keep their digital spy operations from being discovered. But occasionally a government threat actor appears on the scene that gets it all wrong.

This is the case with a threat actor recently discovered by Kaspersky Lab that it’s calling SandCat—believed to be Uzbekistan’s repressive and much-feared intelligence agency, the State Security Service (SSS).

The group’s lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky’s antivirus software on machines it uses to write new malware, allowing Kaspersky to detect and grab malicious code still in development before it’s deployed; and embedding a screenshot of one of its developer’s machines in a test file, exposing a major attack platform as it was in development. The group’s mistakes led Kaspersky to discover four zero-day exploits SandCat had purchased from third-party brokers to target victim machines, effectively rendering those exploits ineffective. And the mistakes not only allowed Kaspersky to track the Uzbek spy agency’s activity but also the activity of other nation-state groups in Saudi Arabia and the United Arab Emirates who were using some of the same exploits SandCat was using.

“These guys [Uzbekistan's intelligence agency] have been around for quite a long time and up until now I’d never heard of Uzbekistan having a cyber capability,” said Brian Bartholomew, a researcher with Kaspersky’s Global Research and Analysis Team who will present his findings about SandCat today in London at the VirusBulletin conference. “So it was kind of a shocker to me to know that they ... were buying all of [these exploits] and targeting all these people and yet no one has ever written about them.”

[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_