Backdoor for Unix systems discovered in leaked Equation Group files

by sigismund » 2016-09-15 11:12:23


The tool was used to obtain remote access to a target system and to steal data.


Experts in the field of information security continue to explore the archive released by the group The Shadow Brokers. As a reminder, in August of this year hackers broke into the servers of the Equation Group, which is suspected of links to the US National Security Agency, and stole a number of tools from its arsenal, including malware and exploits.

While many experts have focused on finding information about potential zero-day vulnerabilities, some tools remain unexplored. In particular, researchers at the company Vectra Networks drew attention to one such piece of malware, a remote access Trojan for Unix called NOPEN.

According to experts, the tool was used to obtain remote access to a target system and to steal data. All collected data is sent to the control server in encrypted form (using the RC6 encryption algorithm). Once the necessary information was in the hands of the cybercriminals, the Trojan was removed from the system.

According to the analysis, NOPEN is able to run on different operating systems, including Linux, FreeBSD, SunOS, Solaris, and HP-UX. According to experts, some security solutions can detect NOPEN on the network, despite the use of the RC6 algorithm to mask the traffic generated by the Trojan.