
Conti Leaks Reveal Ransomware Gang’s Interest in Firmware-based Attacks

June 2, 2022

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices.

“Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals,” firmware and hardware security firm Eclypsium said in a report shared with The Hacker News.

“Such a level of access would allow an adversary to cause irreparable damage to a system or to establish ongoing persistence that is virtually invisible to the operating system.”


Specifically, this includes attacks aimed at embedded microcontrollers such as the Intel Management Engine (ME), a privileged component that is part of the company’s processor chipsets and which can completely bypass the operating system.


The conversations among the Conti members, which leaked after the group pledged its support to Russia in the latter’s invasion of Ukraine, have shed light on the syndicate’s attempts to mine for vulnerabilities related to ME firmware and BIOS write protection.

This entailed finding undocumented commands and vulnerabilities in the ME interface, achieving code execution in the ME to access and rewrite the SPI flash memory, and dropping System Management Mode (SMM)-level implants, which could be leveraged to even modify the kernel.
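The BIOS write protection and SPI flash mentioned above are enforced by a handful of chipset register bits, and a defender can verify they are set. The following is an added example, not code from the article or from Eclypsium's report; it decodes the Intel PCH BIOS_CNTL, HSFS and PRx register layouts (bit positions as documented in Intel PCH datasheets) and the register values it checks are constructed for illustration rather than read from real hardware.

```python
# Added example: assess whether a platform's SPI flash / BIOS region is locked
# against host-side writes. Bit layouts follow Intel PCH datasheets; the
# sample register values used in main() are constructed, not captured.

BIOSWE = 1 << 0    # BIOS_CNTL: BIOS Write Enable (1 = BIOS region writable from the host)
BLE = 1 << 1       # BIOS_CNTL: BIOS Lock Enable (setting BIOSWE raises an SMI)
SMM_BWP = 1 << 5   # BIOS_CNTL: only SMM may write the BIOS region when set
FLOCKDN = 1 << 15  # HSFS: flash configuration (incl. PRx ranges) is locked down


def assess_bios_cntl(bios_cntl: int, hsfs: int) -> dict:
    """Return a verdict and the individual weaknesses found in the lock bits."""
    findings = []
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE set: BIOS region is writable from the OS")
    if not bios_cntl & BLE:
        findings.append("BLE clear: software may set BIOSWE without an SMI")
    if not bios_cntl & SMM_BWP:
        findings.append("SMM_BWP clear: BLE alone is a known-weak protection")
    if not hsfs & FLOCKDN:
        findings.append("FLOCKDN clear: PRx protected ranges can be changed at runtime")
    return {"protected": not findings, "findings": findings}


def pr_decode(pr: int):
    """Decode one PRx register: (write-protect enabled, base, limit) in bytes."""
    wpe = bool(pr & (1 << 31))
    base = (pr & 0x1FFF) << 12                      # bits 12:0, 4 KiB units
    limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF   # bits 28:16, 4 KiB units
    return wpe, base, limit


def bios_region_covered(bios_base: int, bios_limit: int, prs: list) -> bool:
    """True if write-protected PRx ranges cover the BIOS region with no gaps."""
    ranges = sorted((b, l) for wpe, b, l in map(pr_decode, prs) if wpe)
    cursor = bios_base  # first byte not yet shown to be protected
    for base, limit in ranges:
        if base > cursor:
            break  # gap before this range
        cursor = max(cursor, limit + 1)
    return cursor > bios_limit


if __name__ == "__main__":
    # Constructed values: locked platform vs. one that leaves the BIOS writable.
    print(assess_bios_cntl(BLE | SMM_BWP, FLOCKDN))
    print(assess_bios_cntl(BIOSWE, 0))
    print(bios_region_covered(0x500000, 0xFFFFFF, [0x8FFF0500]))
```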


The research ultimately manifested in the form of proof-of-concept (PoC) code in June 2021 that can achieve SMM code execution by gaining control over the ME after obtaining initial access to the host by means of common vectors like phishing, malware, or a supply chain compromise, the leaked chats show.


“By shifting focus to Intel ME as well as targeting devices in which the BIOS is write protected, attackers could easily find far more available target devices,” the researchers said.

That’s not all. Control over the firmware could also be exploited to gain long-term persistence, evade security solutions, and cause irreparable system damage, enabling the threat actor to mount destructive attacks as witnessed during the Russo-Ukrainian war.

“The Conti leaks exposed a strategic shift that moves firmware attacks even further away from the prying eyes of traditional security tools,” the researchers said.

“The shift to ME firmware gives attackers a far larger pool of potential victims to attack, and a new avenue to reaching the most privileged code and execution modes available on modern systems.”



Some parts of this post are sourced from:
thehackernews.com
