Thursday, 29 September 2016

Embassies at risk from Chinese hackers

According to Kaspersky Lab, a hacking group tracked as Danti stole information from the computers of Indian government officials and Indian embassies earlier this month.
The origin of Danti is unknown, but Kaspersky Lab researchers suspect that the group is somehow connected to the NetTraveler and DragonOK groups, both of which are believed to be run by Chinese-speaking hackers.
Danti is highly focused on diplomatic entities and may already have full access to the internal networks of Indian government organisations, Kaspersky Lab said in a statement.
The group was first spotted at the beginning of February. Danti Trojans have also been detected in Kyrgyzstan, Kazakhstan, Uzbekistan, Nepal, the Philippines and Myanmar.
The exploit is delivered through spear-phishing emails. To get the attention of potential victims, the Danti operators sent emails purporting to come from high-ranking Indian government officials. Once the vulnerability is exploited, the Danti backdoor is installed, giving the attackers access to the infected machine and to the sensitive data stored on it.

CVE-2015-2545 is a vulnerability in Microsoft Office that lets an attacker execute arbitrary code using a specially crafted EPS (Encapsulated PostScript) image file embedded in an Office document. The exploit is particularly dangerous because it uses a PostScript technique that evades the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections built into Windows. Microsoft patched the flaw in September 2015 (bulletin MS15-099), but Danti has recently been observed using it against systems that have not applied the update, so checking inbound Office attachments for embedded EPS content remains a useful triage step.
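Because the exploit rides inside an Office document as an embedded EPS image, a simple triage check is to open the document's OOXML container (a .docx, .xlsx or .pptx is a ZIP archive) and look for EPS content in its media parts. The script below is an added example written for this post, not code from Kaspersky Lab or from any of the reports it summarises. It identifies EPS by content (the ASCII `%!PS-Adobe` header or the 4-byte DOS EPS signature `C5 D0 D3 C6`), not just by file extension, so a renamed image is still flagged. The sample document it builds is constructed in memory and contains a harmless PostScript stub, not an exploit.

```python
"""Triage an Office (OOXML) document for embedded EPS images, the carrier used by CVE-2015-2545."""
import io
import zipfile

# EPS appears in two forms inside OOXML media parts:
#  - plain PostScript text starting with "%!PS-Adobe" (an EPSF comment follows)
#  - a DOS EPS binary wrapper with the fixed 4-byte signature C5 D0 D3 C6
PS_ASCII_MAGIC = b"%!PS-Adobe"
DOS_EPS_MAGIC = b"\xc5\xd0\xd3\xc6"


def looks_like_eps(data: bytes) -> bool:
    """Return True if the first bytes of a file carry either EPS signature."""
    text_head = data.lstrip(b"\r\n\t ")[:len(PS_ASCII_MAGIC)]
    return text_head == PS_ASCII_MAGIC or data.startswith(DOS_EPS_MAGIC)


def find_eps_in_office_doc(doc: bytes) -> list:
    """List archive members of a docx/xlsx/pptx that contain EPS data.

    Every member's leading bytes are inspected, so an EPS renamed to .png or
    .emf is still reported; a member whose name ends in .eps is reported too.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(64)
            if looks_like_eps(head) or info.filename.lower().endswith(".eps"):
                hits.append(info.filename)
    return hits


def build_sample_docx(media_name: str, media_bytes: bytes) -> bytes:
    """Construct a minimal docx-like archive in memory (constructed test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(media_name, media_bytes)
    return buf.getvalue()


# Constructed, harmless PostScript stub standing in for an embedded EPS image.
BENIGN_EPS_STUB = b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\nshowpage\n"


if __name__ == "__main__":
    # Demo: an .eps media part, an EPS disguised as .png, and a genuine PNG header.
    for name, payload in [
        ("word/media/image1.eps", BENIGN_EPS_STUB),
        ("word/media/image1.png", DOS_EPS_MAGIC + b"\x00" * 26),
        ("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ]:
        doc = build_sample_docx(name, payload)
        print(name, "->", find_eps_in_office_doc(doc) or "no EPS found")
```

Run it against a quarantined attachment with `find_eps_in_office_doc(open(path, "rb").read())`. A hit is not proof of exploitation, since legitimate documents can carry EPS artwork, but in a mail stream aimed at diplomatic staff an Office file with embedded PostScript deserves a closer look, and on a system missing MS15-099 it should not be opened at all.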
