
SoylentNews is people

posted by janrinok on Monday December 20 2021, @02:02PM

Backdoor gives hackers complete control over federal agency network:

A US federal agency has been hosting a backdoor that can provide total visibility into and complete control over the agency network, and the researchers who discovered it have been unable to engage with the administrators responsible, security firm Avast said on Thursday.

The US Commission on International Religious Freedom, an agency concerned with international rights, regularly communicates with other US agencies and with international governmental and nongovernmental organizations. The security firm published a blog post after multiple attempts to report the findings, both directly and through the channels the US government has in place, failed. The post didn't name the agency, but a spokeswoman did in an email. Representatives from the commission didn't respond to an email seeking comment.

While we have no information on the impact of this attack or the actions taken by the attackers, based on our analysis of the files in question, we believe it's reasonable to conclude that the attackers were able to intercept and possibly exfiltrate all local network traffic in this organization. This could include information exchanged with other US government agencies and other international governmental and nongovernmental organizations (NGOs) focused on international rights. We also have indications that the attackers could run code of their choosing in the operating system's context on infected systems, giving them complete control.

The backdoor works by replacing a normal Windows file named oci.dll with two malicious ones—one early in the attack and the other later on. The first imposter file implements WinDivert, a legitimate tool for capturing, modifying, or dropping network packets sent to or from the Windows network stack. The file allows the attackers to download and run malicious code on the infected system. Avast suspects the main purpose of the downloader is to bypass firewalls and network monitoring.
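As an added example (not code from Avast, Ars Technica, or the original post), the following PowerShell hunt looks for the indicators the summary describes on a single Windows host: copies of oci.dll that are unsigned, carry an invalid signature, or sit somewhere unexpected; processes that currently have an oci.dll loaded; and a WinDivert kernel driver registered on the system. The search roots are my choice for illustration, and the assumption that the legitimate WinDivert package registers its driver under a name containing "WinDivert" is mine as well; adjust both for your environment.

```powershell
# Added example, not part of the Avast report or the article. Run from an
# elevated prompt so that Get-Process can enumerate modules of every process.
$ErrorActionPreference = 'SilentlyContinue'

# Assumed search roots: the directories where an oci.dll could plausibly live.
$searchRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:ProgramFiles",
    "${env:ProgramFiles(x86)}"
)

function Get-OciDllFindings {
    foreach ($root in $searchRoots) {
        Get-ChildItem -Path $root -Filter 'oci.dll' -Recurse -File -Force |
          ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Modified  = $_.LastWriteTimeUtc
                SHA256    = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
                SigStatus = $sig.Status            # Valid, NotSigned, HashMismatch, ...
                Signer    = $sig.SignerCertificate.Subject
            }
          }
    }
}

$findings = Get-OciDllFindings

# 1. Every copy of oci.dll that is not carrying a valid Authenticode signature.
Write-Host '== oci.dll copies without a valid signature =='
$findings | Where-Object { $_.SigStatus -ne 'Valid' } | Format-List

# 2. Processes that currently have an oci.dll mapped; the malicious DLL only
#    matters once something loads it, so the loading process is the lead.
Write-Host '== processes with oci.dll loaded =='
Get-Process |
  Where-Object { $_.Modules.ModuleName -contains 'oci.dll' } |
  ForEach-Object {
    $mod = $_.Modules | Where-Object { $_.ModuleName -eq 'oci.dll' }
    [pscustomobject]@{ Pid = $_.Id; Process = $_.ProcessName; DllPath = $mod.FileName }
  } | Format-Table -AutoSize

# 3. A registered WinDivert driver. Assumption: the WinDivert package names its
#    kernel driver service after itself, so match on the name and the image path.
Write-Host '== WinDivert driver services =='
Get-CimInstance Win32_SystemDriver |
  Where-Object { $_.Name -like '*WinDivert*' -or $_.PathName -like '*WinDivert*' } |
  Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
```

Two caveats when reading the output. oci.dll is also the file name of Oracle's Call Interface client library, so a validly signed copy under an Oracle client installation is expected and is not a finding on its own; what matters is an unsigned or mismatched copy, or one in a location the installed software does not explain. And a WinDivert driver is likewise legitimate on hosts where an administrator installed packet-filtering software that uses it, so treat a hit as something to reconcile with the software inventory rather than as proof of compromise.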

  • (Score: 3, Touché) by PiMuNu on Monday December 20 2021, @02:43PM (6 children)

    by PiMuNu (3823) on Monday December 20 2021, @02:43PM (#1206632)

    > US Commission on International Religious Freedom
    > regularly communicates with other US agencies and international governmental and nongovernmental organizations.

    Sounds like a good cover for TLAs to me...

    • (Score: 5, Funny) by Gaaark on Monday December 20 2021, @03:01PM (5 children)

      by Gaaark (41) on Monday December 20 2021, @03:01PM (#1206638) Journal

      GOD help them.
      :)

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
      • (Score: 2) by maxwell demon on Monday December 20 2021, @04:06PM (1 child)

        by maxwell demon (1608) on Monday December 20 2021, @04:06PM (#1206667) Journal

        GOD = Grand Old Department? :-)

        Indeed, it seems to be a sort of super-NSA, as it is often claimed that GOD sees everything.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 1, Funny) by Anonymous Coward on Monday December 20 2021, @11:24PM

          by Anonymous Coward on Monday December 20 2021, @11:24PM (#1206759)

          Not NSA... USA.

          Universe Security Agency.

      • (Score: 0) by Anonymous Coward on Monday December 20 2021, @05:28PM

        by Anonymous Coward on Monday December 20 2021, @05:28PM (#1206688)

        When did God stop self-identifying as YHWH? Wait, tetragrammatically that's four letters.

        Anyhow, the problem with monotheism and an agency like this is that as per its charter it is ostensibly *not* a platform to evangelize Clinton-era Christianity.

      • (Score: 0) by Anonymous Coward on Monday December 20 2021, @08:50PM

        by Anonymous Coward on Monday December 20 2021, @08:50PM (#1206727)

        Thoughts and prayers that the backdoor goes away.

      • (Score: 2) by coolgopher on Monday December 20 2021, @09:49PM

        by coolgopher (1157) on Monday December 20 2021, @09:49PM (#1206742)

        Global Operations Director?

        A colleague of a colleague actually had that title. He liked signing off with the acronym I'm told.

  • (Score: 2, Insightful) by Anonymous Coward on Monday December 20 2021, @03:12PM (3 children)

    by Anonymous Coward on Monday December 20 2021, @03:12PM (#1206647)

    I had never even heard of this govt outfit. Turns out it was created in 1998. To do what, exactly? Spend federal money and provide jobs for the politicians' kids, I guess.

    • (Score: 1) by Snort on Monday December 20 2021, @03:37PM

      by Snort (5141) on Monday December 20 2021, @03:37PM (#1206657)

      Poorly managed pork positions.

    • (Score: 2) by MIRV888 on Monday December 20 2021, @04:34PM

      by MIRV888 (11376) on Monday December 20 2021, @04:34PM (#1206676)

      What incredibly convenient timing. The internet was just starting to really take off.

    • (Score: 0) by Anonymous Coward on Monday December 20 2021, @07:13PM

      by Anonymous Coward on Monday December 20 2021, @07:13PM (#1206713)

      Whenever you catch your government spending a thousand dollars for a toilet seat, remember that there are multiple explanations:

      • Straightforward waste
      • Straightforward corruption
      • It turns out that toilets on the space shuttle have different requirements than earthbound toilets, and the cost is justified.
      • It is all a cover story for the budget of a covert organization.

      On that note, while commanding the Continental Army, George Washington declined to take a salary. He did, however, accept an expense account. Members of Congress were noted as saying that they wished he would just take a salary. It would be cheaper. It turns out he was expensing his spy network as laundry.

  • (Score: 4, Insightful) by MIRV888 on Monday December 20 2021, @04:31PM (1 child)

    by MIRV888 (11376) on Monday December 20 2021, @04:31PM (#1206675)

    The US is less inept at IT than we are led to believe.
    That's my experience anyway.

    • (Score: 1) by khallow on Monday December 20 2021, @07:11PM

      by khallow (3766) Subscriber Badge on Monday December 20 2021, @07:11PM (#1206712) Journal

      > The US is less inept at IT than we are led to believe.

      There have been several big IT flops over the past couple of decades: Snowden (he had access way outside his scope), the release [aarclibrary.org] of US intelligence hacker tools, and numerous data breaches [wikipedia.org] (note that Wikipedia gave up listing them at 2007 on that particular version of the page, but was getting about two a year that hit the media).

  • (Score: -1, Offtopic) by Mockingbird on Monday December 20 2021, @10:12PM

    by Mockingbird (15239) on Monday December 20 2021, @10:12PM (#1206744) Journal

    Found the problem!

    The first imposter file implements WinDivert, a legitimate tool for capturing, modifying, or dropping network packets sent to or from the Windows network stack. The file allows the attackers to download and run malicious code on the infected system.

    Someone typed this with a straight face? Legitimate Windows tool, for Windows networking? Oxymorons do not get much more moronic that that!

(1)