
One of the subgroups of Darkside has hacked the supplier of video surveillance systems


Mandiant experts report that a hacking group that previously worked with the DarkSide ransomware operation compromised the website of an unnamed video surveillance system vendor and replaced the vendor's official Windows application with a malware-laced version.

The attack began on May 18 and lasted until early June, when Mandiant specialists discovered the malware and notified the affected company. The malware was hidden inside a custom build of the Dahua SmartPSS Windows application that the unnamed video surveillance vendor made available to its customers to configure and manage their surveillance systems.

The trojanized version of the application reportedly infected the machines it was installed on with the SMOKEDHAM backdoor.
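The incident above is a software supply-chain compromise: the installer came from the vendor's own site, so "downloaded from the official source" was no guarantee of integrity. The defensive control that catches this is verifying each installer against a known-good hash obtained out of band (a signed release manifest, a vendor e-mail, a second channel), not from the same site that serves the binary. The following Python script is an added example, not code from Mandiant, Dahua or the affected vendor; the filenames (`SmartPSS_Setup.exe`, `Unlisted_Tool.exe`) are hypothetical and the installer contents are constructed dummy bytes, not any real binary.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile

# Constructed sample contents standing in for a vendor installer and for a
# trojanized copy of the same file with a payload appended. These are not
# real binaries; the hashes derived from them are only meaningful here.
GENUINE_INSTALLER = b"constructed genuine SmartPSS installer bytes"
TROJANIZED_INSTALLER = GENUINE_INSTALLER + b"<constructed appended payload>"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large installers are never fully loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Build a filename -> SHA-256 manifest from known-good contents.

    In practice the manifest is published by the vendor through a channel
    separate from the download site (e.g. a signed release note), so that a
    compromised web server cannot simply rewrite it alongside the binary.
    """
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def verify_installer(path: str, manifest: dict[str, str]) -> tuple[bool, str]:
    """Check a downloaded installer against the out-of-band manifest.

    Returns (ok, reason). A file with no manifest entry fails closed: an
    installer nobody vouched for must not be trusted just because it is
    hosted on the vendor's site.
    """
    name = os.path.basename(path)
    expected = manifest.get(name)
    if expected is None:
        return False, f"{name}: no known-good hash in manifest"
    actual = sha256_file(path)
    # Constant-time comparison is cheap and avoids one class of timing quirk.
    if not hmac.compare_digest(actual, expected):
        return False, f"{name}: hash mismatch (expected {expected[:16]}..., got {actual[:16]}...)"
    return True, f"{name}: matches manifest"


def run_demo() -> dict[str, tuple[bool, str]]:
    """Write the constructed samples to a temp dir and verify each one."""
    manifest = build_manifest({"SmartPSS_Setup.exe": GENUINE_INSTALLER})
    results: dict[str, tuple[bool, str]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        genuine_dir = os.path.join(tmp, "genuine")
        tampered_dir = os.path.join(tmp, "tampered")
        os.makedirs(genuine_dir)
        os.makedirs(tampered_dir)
        genuine = os.path.join(genuine_dir, "SmartPSS_Setup.exe")
        tampered = os.path.join(tampered_dir, "SmartPSS_Setup.exe")
        unknown = os.path.join(tmp, "Unlisted_Tool.exe")
        for p, data in ((genuine, GENUINE_INSTALLER), (tampered, TROJANIZED_INSTALLER), (unknown, b"x")):
            with open(p, "wb") as f:
                f.write(data)
        results["genuine"] = verify_installer(genuine, manifest)
        results["tampered"] = verify_installer(tampered, manifest)
        results["unknown"] = verify_installer(unknown, manifest)
    return results


if __name__ == "__main__":
    for label, (ok, reason) in run_demo().items():
        print(f"[{'PASS' if ok else 'FAIL'}] {label}: {reason}")
```

Hash verification is the minimum; on Windows it should be paired with an Authenticode check (for example `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`) against the publisher you expect, since a swapped installer that is unsigned or signed by a different certificate fails that check even when no manifest is available.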

Attack scheme

Although the DarkSide ransomware group announced last month that it would cease operations after its high-profile attack on Colonial Pipeline, Mandiant researchers have linked the hack of the video surveillance vendor to one of DarkSide's three main affiliate subgroups, which the company tracks as UNC2465.

According to analysts, these DarkSide "affiliate groups", tracked as UNC2628, UNC2659 and UNC2465, broke into corporate networks and then deployed ransomware rented from the DarkSide authors. Once a victim paid, the affiliate received 85% of the ransom and moved on to new targets.

Attribution of the recent incident to UNC2465 rests on the aforementioned SMOKEDHAM backdoor, which to date has been observed only in UNC2465 campaigns. Although this attack did not lead to the deployment of DarkSide or any other ransomware on the victim's network, the researchers warn that the group may soon adopt a new RaaS (Ransomware-as-a-Service) offering and return to ransomware attacks.
