Cyberespionage group might have “full access” to Indian govt networks: Kaspersky

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
Kaspersky Lab’s has claimed that the Danti cyberespionage group, which is highly focused on diplomatic entities, may “already have full access to internal networks in Indian government organisations”. The security firm claimed “the threat actors behind Danti have created emails in the names of several high-ranking Indian government officials”.

Noting that it has been observing a wave of cyberespionage attacks exploiting a “CVE-2015-2545 vulnerability” in Microsoft Office software in the Asia-Pacific region, Kaspersky said that once the exploitation of the vulnerability takes place, the Danti backdoor is installed and this subsequently provides the threat actor with access to the infected machine so they can withdraw sensitive data, it added. The vulnerability was patched at the end of 2015, but still appears to be of use to these threat actors.

The Kaspersky Security Network said some Danti Trojans, delivered through spear-phishing emails, have also been detected in Kazakhstan, Kyrgyzstan, Uzbekistan, Myanmar, Nepal and the Philippines. The activity was first spotted at the beginning of February and is present even today.
“The Platinum, APT16, EvilPost and SPIVY groups were already known to use the exploit,” the note said.


While the origin of Danti is unknown, Kaspersky Lab researchers suspect the group is somehow connected to the Nettraveler and DragonOK groups powered by “Chinese-speaking hackers”.
“We expect to see more incidents with this exploit, and continue to monitor new waves of attacks and the potential relationship with other attacks in the region. Waves of attacks conducted with the help of just one vulnerability suggests two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, the patch-adoption rate in the target companies and government organisations is low,”said Alex Gostev, Chief Security Expert at Kaspersky Lab Research Center in APAC, urging companies to pay closer attention to patch-management in their IT infrastructure.

“The CVE-2015-2545 error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The severity of the exploit for this vulnerability is high because it uses PostScript technique and can evade Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) protection methods embedded in Windows,” Kaspersky Labs claimed.
 

Entreri

Level 7
Verified
May 25, 2015
342
It's normal and super easy. Indian systems, probably still using WinXP or even 95/98. India needs to go back to using typewriters for their secret stuff.

If US systems can be hacked, the 3rd world has no chance. Email system 100% guarantee of working, unless it is idiot proof, humans are curious animals.

If Linux, Mac OS can be hacked, Windows, even 10 has no chance (especially with so many connections it makes and things like wifi-sense).
 
  • Like
Reactions: DardiM

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Since the word '3rd world country' is mentioned, then expect that security in related for I.T is too passive and not priority.

Security companies here (mostly Asian countries) are like technical standby station which they exist if security incident occurred however the government did not provide any attention to praise or provide incentives.
 
  • Like
Reactions: DardiM

Aleeyen

Level 22
Verified
Top Poster
Well-known
Nov 19, 2012
1,121
Its nothing to do with being 3rd world country, it actually the mindset (cunningness) of the governments. Govt only focuses on those aspects which people can see and leaves those which are hidden and can become serious. Its like cleaning the front part of your house as people are able to see it all the time and putting the garbage in the backyard as nobody notices it. But this garbage will sometime become a hazard.
 
  • Like
Reactions: DardiM

Entreri

Level 7
Verified
May 25, 2015
342
That applies to the first world.

Money and resources/trained personnel are sorely lacking in the 3rd world. Unless it becomes a major, major crisis that will never change and it will take a lot of $ and time.

Elite hackers can hack into secure US systems (all the tech innovations=Silicone Valley, the Superpower, where the tech revolution began, the brain trust), third world will never stand a chance.

One good thing, they have so little $$$, that the truly elite hackers will pass them by, so it is not all bleak.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@jogs: Well since its a developing country then usually they took behind on security matters. Hence attacks are so easy and I.T sectors will only appear when incidents occurred.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top