Conti Leaks Reveal Ransomware Gang’s Interest in Firmware-based Attacks

June 2, 2022

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices.

“Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals,” firmware and hardware security firm Eclypsium said in a report shared with The Hacker News.

“Such a level of access would allow an adversary to cause irreparable damage to a system or to establish ongoing persistence that is virtually invisible to the operating system.”

Specifically, this includes attacks aimed at embedded microcontrollers such as the Intel Management Engine (ME), a privileged component that is part of the company’s processor chipsets and which can completely bypass the operating system.

The conversations among the Conti members, which leaked after the group pledged its support to Russia in the latter’s invasion of Ukraine, have shed light on the syndicate’s attempts to mine for vulnerabilities related to ME firmware and BIOS write protection.

This entailed finding undocumented commands and vulnerabilities in the ME interface, achieving code execution in the ME to access and rewrite the SPI flash memory, and dropping System Management Mode (SMM)-level implants, which could be leveraged to even modify the kernel.
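The BIOS write protection the chats describe the gang probing is something a defender can audit from the host. The following added example (not code from the article or from Eclypsium) decodes the Intel PCH registers that govern it; it assumes the BIOS_CNTL and SPI protected-range (PR0..PR4) bit layouts published in Intel's PCH datasheets and the "either SMM-only writes or protected ranges covering the whole BIOS region" rule used by firmware audit tools, and all register values it is fed are constructed.

```python
# Added example (not from the article or from Eclypsium): decode the Intel PCH
# registers that decide whether the BIOS region of SPI flash is write-protected.
# Assumptions: bit layout of BIOS_CNTL and the SPI PR0..PR4 registers as in the
# public Intel PCH datasheets; any register values fed in here are constructed.

# BIOS_CNTL (BIOS Control) bits
BIOSWE = 1 << 0    # BIOS Write Enable: writes to the BIOS region are allowed
BLE = 1 << 1       # BIOS Lock Enable: an attempt to set BIOSWE raises an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes are accepted only from SMM


def bios_cntl_protected(bios_cntl: int) -> bool:
    """Writes from the OS are blocked if they are restricted to SMM, or if the
    enable bit is clear and locked so that it cannot simply be flipped back."""
    write_enabled = bool(bios_cntl & BIOSWE)
    locked = bool(bios_cntl & BLE)
    smm_only = bool(bios_cntl & SMM_BWP)
    return smm_only or (locked and not write_enabled)


def decode_pr(pr: int):
    """Decode one SPI Protected Range register: WPE (write protect enable) is
    bit 31, the limit is bits 28:16 and the base bits 12:0, in 4 KiB units."""
    wpe = bool((pr >> 31) & 1)
    limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF
    base = (pr & 0x1FFF) << 12
    return wpe, base, limit


def bios_region_covered(bios_base: int, bios_limit: int, prs) -> bool:
    """True when the write-protected PRs, taken together, cover every byte of
    the BIOS region [bios_base, bios_limit]; a single gap fails the check."""
    ranges = sorted((b, l) for wpe, b, l in map(decode_pr, prs) if wpe)
    cursor = bios_base
    for base, limit in ranges:
        if base > cursor:
            break  # uncovered bytes before this range
        if limit >= cursor:
            cursor = limit + 1
    return cursor > bios_limit


def assess(bios_cntl: int, bios_base: int, bios_limit: int, prs):
    """Either mechanism is enough to block OS-level flash writes; returns the
    verdict plus the individual results for reporting."""
    cntl_ok = bios_cntl_protected(bios_cntl)
    pr_ok = bios_region_covered(bios_base, bios_limit, prs)
    return cntl_ok or pr_ok, {"bios_cntl": cntl_ok, "protected_ranges": pr_ok}
```

On a real system the raw values come from the PCH's PCI configuration space and SPI BAR, which requires a kernel-level reader; a machine where neither check passes is one where a compromised OS could rewrite the flash as the chats envisage.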

The research ultimately manifested in the form of proof-of-concept (PoC) code in June 2021 that can gain SMM code execution by taking control of the ME after obtaining initial access to the host by means of traditional vectors like phishing, malware, or a supply chain compromise, the leaked chats show.

“By shifting focus to Intel ME as well as targeting devices in which the BIOS is write protected, attackers could easily find far more available target devices,” the researchers said.

That is not all. Control over the firmware could also be exploited to gain long-term persistence, evade security solutions, and cause irreparable system damage, enabling the threat actor to mount destructive attacks as witnessed during the Russo-Ukrainian war.

“The Conti leaks exposed a strategic shift that moves firmware attacks even further away from the prying eyes of traditional security tools,” the researchers said.

“The shift to ME firmware gives attackers a far larger pool of potential victims to attack, and a new avenue to reaching the most privileged code and execution modes available on modern systems.”

Some parts of this post are sourced from:
thehackernews.com
