Researchers from Cisco's cyber security unit, Talos, have found a highly sophisticated hacking group, backed by a nation-state, that is undermining systems at the core of the internet's infrastructure in an attempt to steal confidential information from the organizations it targets.

The Talos researchers said the group uses a technique known as DNS hijacking (hijacking of the domain name system) to target 40 organizations, including government and intelligence agencies, ministries of foreign affairs and prominent energy companies, along with a large number of telecommunications companies and internet service providers, in 13 countries around the world, over a period of more than two years.

The Talos report, issued on Wednesday, said: "We assess with high confidence that these operations are completely different and independent from those carried out by the DNSpionage hacking campaign."

The targeted organizations are mainly in countries of the Middle East and North Africa. Talos has named the group "Sea Turtle". It targets companies by hijacking the domain name system (DNS), which lets the hackers redirect a target's domain name to a malicious server of their choosing.

The technique exploits known weaknesses in the DNS, which can be used to deceive a company's users into handing over their data through fake login pages.
Craig Williams, director of communication at Cisco Talos, said: "This new group operates in a relatively unique manner we have never seen before, in terms of its methods, techniques and procedures."

The hackers first gain a foothold on the network by phishing a specific target, then use known vulnerabilities in servers and routers to obtain the network's passwords.

They use those credentials to target the organization's DNS registrar, updating its records so that the domain name points to a server under the hackers' control rather than to the IP address of the targeted server.

Once the domain points at the malicious server, the hackers can mount a man-in-the-middle attack, impersonating login pages and harvesting staff usernames and passwords as a way to reach deeper into the network.

The hackers aim to obtain SSL certificates used across the company's network, which gives them greater visibility into the enterprise's operations; they have also stolen the SSL certificates used by virtual private networks (VPNs), in order to steal data and access the enterprise network from outside.
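The record changes described above (a domain's delegation or an individual hostname suddenly pointing at a server the organization does not own) are exactly what a defender can watch for. The following is an added example, not code from the article or from Cisco Talos: it compares a snapshot of the records a resolver currently returns against the baseline the organization approved, and grades each discrepancy. The hostnames, addresses and the "owned" network range are constructed sample data; in practice the snapshot would come from an external resolver or the registrar's API and the check would run on a schedule.

```python
"""Flag DNS record changes consistent with a registrar-level hijack.

Added example (not from the Cisco Talos report or this article).
All hostnames, IP addresses and ranges below are constructed sample data.
"""
from dataclasses import dataclass
import ipaddress

# Baseline approved by the organization: hostname -> record type -> set of values.
BASELINE = {
    "example.test": {
        "NS": {"ns1.registrar.test", "ns2.registrar.test"},
        "A": {"192.0.2.10"},
    },
    "mail.example.test": {"A": {"192.0.2.25"}},
    "vpn.example.test": {"A": {"192.0.2.40"}},
}

# Constructed "current" snapshot: the delegation has been changed at the
# registrar, and the mail host now resolves to an address the organization
# does not own. The VPN host is unchanged.
SNAPSHOT = {
    "example.test": {
        "NS": {"ns1.hostile-ns.test", "ns2.hostile-ns.test"},
        "A": {"192.0.2.10"},
    },
    "mail.example.test": {"A": {"203.0.113.7"}},
    "vpn.example.test": {"A": {"192.0.2.40"}},
}

# Address space the organization owns (constructed). Anything outside it is foreign.
OWNED = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class Finding:
    host: str
    rtype: str
    expected: set
    observed: set
    severity: str


def _is_owned(addr: str, owned_ranges) -> bool:
    """True if the address falls inside one of the organization's ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an address at all; treat as foreign
    return any(ip in net for net in owned_ranges)


def diff_records(baseline, snapshot, owned_ranges):
    """Return one Finding per baseline record whose observed values differ.

    Severity: a changed NS set means the delegation itself was altered
    (registrar compromise) and is critical; an A record now pointing outside
    owned address space is high; any other discrepancy, including a record
    that has disappeared, is medium.
    """
    findings = []
    for host, records in baseline.items():
        observed_host = snapshot.get(host, {})
        for rtype, expected in records.items():
            observed = set(observed_host.get(rtype, set()))
            if observed == expected:
                continue
            severity = "medium"
            if rtype == "NS":
                severity = "critical"
            elif rtype == "A" and any(
                not _is_owned(v, owned_ranges) for v in observed
            ):
                severity = "high"
            findings.append(Finding(host, rtype, set(expected), observed, severity))
    # Most serious first so the delegation change is at the top of a report.
    order = {"critical": 0, "high": 1, "medium": 2}
    findings.sort(key=lambda f: order[f.severity])
    return findings


def find_hijacks():
    """Run the comparison over the constructed sample data."""
    return diff_records(BASELINE, SNAPSHOT, OWNED)


if __name__ == "__main__":
    for f in find_hijacks():
        print(f"[{f.severity.upper()}] {f.host} {f.rtype}: "
              f"expected {sorted(f.expected)}, observed {sorted(f.observed)}")
```

A change to the NS set is treated as the most serious finding because it means the records were altered at the registrar rather than on the organization's own name servers, which is the level at which the campaign described here operated. Querying from an external resolver matters: an attacker who has redirected a domain at the registrar can leave the organization's internal resolvers answering normally.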
Cisco's cyber security unit said the group used this technique to break into Netnod, a DNS provider in Sweden and one of the operators of the thirteen root servers that run the global DNS infrastructure.

Netnod confirmed in February that its infrastructure had been compromised, and Craig Williams said Talos was able to conclusively link the Sea Turtle hacking group to the attack on Netnod.

The campaign also gave the hackers access to the registrar that manages Armenia's country-code top-level domain, which allowed the group to target any ".am" domain name.

Talos declined to identify the targets of the attacks or the names of the registrars at risk, citing the likelihood of further or copycat attacks.

Talos also declined to name the state likely to be behind the group, but said that Armenia, Egypt, Cyprus, Iraq, Albania, Lebanon, Libya, Syria, Sweden, Turkey, Jordan and the United Arab Emirates were among the victims.

Williams said the group's primary motivation is espionage, given that its ultimate targets included internet companies, communications infrastructure, ministries of foreign affairs and intelligence agencies in the Middle East and Africa.

The researchers explained that the Sea Turtle group has highly advanced technical capabilities, and that the hackers are able to maintain long-term access using stolen credentials.

The researchers urged organizations and security companies to start using DNSSEC, a more secure version of the domain name system that is cryptographically signed and harder to forge, and to protect the organization's DNS records with strong authentication.

The report said: "While this campaign is limited to targeting national security organizations in the Middle East and North Africa, and we do not want to overestimate its consequences, we are concerned that its success will lead to wider-scale attacks on the global domain name system (DNS)."