Attack campaign targeting financial institutions, research institutes

Báo Đô thị, 15/08/2024


The Department of Information Security said that, while monitoring information security in cyberspace, the National Cyber Security Monitoring Center (NCSC) discovered and recorded information related to a cyber attack campaign carried out by the APT group MirrorFace.

Warning: Attack Campaign Targets Financial Institutions, Research Institutes

APT MirrorFace is known to target financial institutions, research institutes, and manufacturers. The group exploited information security vulnerabilities in Array AG and FortiGate software products to spread the NOOPDOOR malware.

According to experts, the NOOPDOOR malware is installed in legitimate applications on the system, in two variants that take the form of ".XML" and ".DLL" files. Both variants allow the attackers to establish connections over ports 443 and 47000 to download files and execute commands.

After deploying the malware, the attackers carried out illegal actions such as accessing the network system's stored authentication information, spreading the malware to other devices on the local network, and monitoring and extracting user information.

In addition, the attackers took steps to avoid detection, such as editing timestamps, adding rules to the system firewall so that the malware can connect to certain ports, hiding enabled services...
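A triage check a defender could build from the behaviours reported above (traffic on port 47000 and new firewall rules opening it), as an added example that is not part of the original article or the NCSC warning. The CSV event schema, host names and process names are constructed for illustration; port 443 is left out because it is too common to flag on its own.

```python
import csv
import io
from collections import defaultdict

# Port reported in the article alongside 443 (443 alone is too common to flag).
SUSPECT_PORT = 47000

# Constructed sample events. Hypothetical schema: time,host,event,process,port
SAMPLE_EVENTS = """\
time,host,event,process,port
2024-08-01T02:10:00,ws-014,fw_rule_add,admin_tool.exe,47000
2024-08-01T02:10:30,ws-014,listen,legit_app.exe,47000
2024-08-01T02:11:05,ws-014,connect,legit_app.exe,443
2024-08-01T09:00:00,ws-020,connect,browser.exe,443
2024-08-02T11:30:00,srv-003,fw_rule_add,admin_tool.exe,8443
2024-08-02T23:45:00,srv-007,connect,service_b.exe,47000
2024-08-03T01:00:00,srv-009,connect,service_c.exe,n/a
"""


def triage(events_csv, port=SUSPECT_PORT):
    """Return {host: sorted findings} for hosts with activity on `port`."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(events_csv)):
        try:
            row_port = int(row["port"])
        except (TypeError, ValueError):
            continue  # skip malformed records instead of aborting the sweep
        if row_port != port:
            continue
        if row["event"] == "fw_rule_add":
            findings[row["host"]].add("firewall rule opened port")
        elif row["event"] in ("listen", "connect"):
            findings[row["host"]].add(f"{row['event']} by {row['process']}")
    return {host: sorted(items) for host, items in findings.items()}


def prioritise(findings):
    """Rank 'high' when a host shows both a firewall change and traffic."""
    ranked = {}
    for host, items in findings.items():
        has_rule = "firewall rule opened port" in items
        has_traffic = any(i != "firewall rule opened port" for i in items)
        ranked[host] = "high" if has_rule and has_traffic else "review"
    return ranked


if __name__ == "__main__":
    for host, level in prioritise(triage(SAMPLE_EVENTS)).items():
        print(host, level)
```

A host that shows only one of the two signals is marked for review, not cleared, since the article also reports timestamp editing and hidden services that can remove the other signal.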

The Department of Information Security therefore recommends that organizations and businesses across the country inspect and review the information systems they use that may be affected by the attack campaign launched by the APT MirrorFace group, and proactively monitor information related to this campaign to prevent and avoid the risk of being attacked.

Organizations are also advised to increase monitoring and to prepare response plans for when signs of exploitation or cyber attack are detected.

In addition, units need to monitor information to promptly detect cyber attack risks. Units that need support can contact the National Cyber Security Monitoring Center at 02432091616 or email [email protected].



Source: https://kinhtedothi.vn/canh-bao-chien-dich-tan-cong-nham-vao-to-chuc-tai-chinh-vien-nghien-cuu.html
