Avast claims to have found backdoor in US government commission network

Security provider Avast says it found a backdoor on the Windows network of a US government commission associated with international rights, but was unable to get the organization to commit to resolving the issue.

In a blog post, the Avast Threat Intelligence Team said it decided to go public after contacting the affected organization directly, but said that afterwards “they would not respond, would not return communications or would not provide any information”.

Given the lack of engagement, Avast said it had little information to release. “We can only describe two files that we observed in the attack. In this blog, we provide our analysis of those two files,” the blog post reads.

However, Avast said it felt it was reasonable to conclude from an analysis of the two files that “the attackers were able to intercept and possibly exfiltrate all local network traffic into this organization.”




“This could include information exchanged with other US government agencies and other international governmental and non-governmental organizations focused on international rights.

“We also have indications that attackers could execute code of their choice in the context of the operating system on infected systems, giving them full control.”

Avast described one file as masquerading as oci.dll and abusing WinDivert, a legitimate packet capture utility, to listen in on all communications.

“It allows the attacker to download and execute any malicious code on the infected system. The main scope of this downloader may be to use local privileged rights to overcome firewalls and network monitoring,” noted the Avast team.

The team reported that the second file also masqueraded as oci.dll, replacing the first file at a later stage in the process and functioning as a decryptor.

The team concluded: “Because the affected organization would not engage, we no longer have factual information about this attack. It’s safe to assume that some form of data collection and network traffic exfiltration has occurred, but that’s educated speculation.

“Further, because it could have given full network visibility and complete control of an infected system, it is further reasonable to believe that this could be the first step in a multi-step attack to penetrate that network or others more deeply into a classic APT-type operation.”

More details are available on the Avast Blog.


Aurora J. William