Backdoor gives hackers complete control over federal agency network:
A US federal agency has been hosting a backdoor that can provide total visibility into and complete control over the agency network, and the researchers who discovered it have been unable to engage with the administrators responsible, security firm Avast said on Thursday.
The US Commission on International Religious Freedom, associated with international rights, regularly communicates with other US agencies and international governmental and nongovernmental organizations. The security firm published a blog post after multiple attempts failed to report the findings directly and through channels the US government has in place. The post didn't name the agency, but a spokeswoman did in an email. Representatives from the commission didn't respond to an email seeking comment.
While we have no information on the impact of this attack or the actions taken by the attackers, based on our analysis of the files in question, we believe it's reasonable to conclude that the attackers were able to intercept and possibly exfiltrate all local network traffic in this organization. This could include information exchanged with other US government agencies and other international governmental and nongovernmental organizations (NGOs) focused on international rights. We also have indications that the attackers could run code of their choosing in the operating system's context on infected systems, giving them complete control.
The backdoor works by replacing a normal Windows file named oci.dll with two malicious ones—one early in the attack and the other later on. The first imposter file implements WinDivert, a legitimate tool for capturing, modifying, or dropping network packets sent to or from the Windows network stack. The file allows the attackers to download and run malicious code on the infected system. Avast suspects the main purpose of the downloader is to bypass firewalls and network monitoring.
(Score: 3, Touché) by PiMuNu on Monday December 20 2021, @02:43PM (6 children)
> US Commission on International Religious Freedom
> regularly communicates with other US agencies and international governmental and nongovernmental organizations.
Sounds like a good cover for TLAs to me...
(Score: 5, Funny) by Gaaark on Monday December 20 2021, @03:01PM (5 children)
GOD help them.
:)
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by maxwell demon on Monday December 20 2021, @04:06PM (1 child)
GOD = Grand Old Department? :-)
Indeed, it seems to be a sort of super-NSA, as it is often claimed that GOD sees everything.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 1, Funny) by Anonymous Coward on Monday December 20 2021, @11:24PM
Not NSA... USA.
Universe Security Agency.
(Score: 0) by Anonymous Coward on Monday December 20 2021, @05:28PM
When did God stop self-identifying as YHWH? Wait, tetragrammatically that's four letters.
Anyhow, the problem with monotheism and an agency like this is that as per its charter it is ostensibly *not* a platform to evangelize Clinton-era Christianity.
(Score: 0) by Anonymous Coward on Monday December 20 2021, @08:50PM
Thoughts and prayers that the backdoor goes away.
(Score: 2) by coolgopher on Monday December 20 2021, @09:49PM
Global Operations Director?
A colleague of a colleague actually had that title. He liked signing off with the acronym I'm told.
(Score: 2, Insightful) by Anonymous Coward on Monday December 20 2021, @03:12PM (3 children)
I had never even heard of this govt outfit. Turns out it was created in 1998. To do what, exactly? Spend federal money and provide jobs for the politicians' kids, I guess.
(Score: 1) by Snort on Monday December 20 2021, @03:37PM
Poorly managed pork positions.
(Score: 2) by MIRV888 on Monday December 20 2021, @04:34PM
What incredibly convenient timing. The internet was just starting to really take off.
(Score: 0) by Anonymous Coward on Monday December 20 2021, @07:13PM
Whenever you catch your government spending a thousand dollars for a toilet seat, remember that there are multiple explanations:
On that note, while commanding the continental army, George Washington declined to take a salary. He did, however, accept an expense account. Members of congress were noted as saying that they wished he would just take a salary. It would be cheaper. It turns out he was expensing his spy network as laundry.
(Score: 4, Insightful) by MIRV888 on Monday December 20 2021, @04:31PM (1 child)
The US is less inept at IT than we are led to believe.
That's my experience anyway.
(Score: 1) by khallow on Monday December 20 2021, @07:11PM
There have been several big IT flops over the past couple of decades: Snowden (he had access way outside his scope), the release [aarclibrary.org] of US intelligence hacker tools, and numerous data breaches [wikipedia.org] (note that Wikipedia gave up listing them at 2007 on that particular version of the page, but was getting about two a year that hit the media).
(Score: -1, Offtopic) by Mockingbird on Monday December 20 2021, @10:12PM
Found the problem!
Someone typed this with a straight face? Legitimate Windows tool, for Windows networking? Oxymorons do not get much more moronic than that!