11/16/2023

Group in NoxPlayer Android emulator

[Figure: Gelsemium targeting (ESET)]

Malware deployed using several attack vectors

ESET researchers revealed today that they also found early versions of the group's "complex and modular" Gelsevirine backdoor while investigating several campaigns since mid-2020.

According to reports from G DATA and Verint Systems, the cyberspies used spear-phishing emails with document attachments exploiting the CVE-2012-0158 Microsoft Office vulnerability to deliver the malware. They have also been observed by VenusTech using watering holes set up on intranet servers in 2018, while ESET spotted them using a pre-authentication RCE exploit against vulnerable Exchange servers to deploy web shells.

Their list of tactics also includes the use of Dynamic DNS (DDNS) domain names for command-and-control servers, which complicates infrastructure tracking since, unlike newly registered domains, DDNS names do not show up in a list of newly created domains.

"Gelsemium uses three components and a plug-in system to give the operators a range of possibilities to gather information: the dropper Gelsemine, the loader Gelsenicine, and the main plugin Gelsevirine," ESET revealed.

"Gelsemium's whole chain might appear simple at first sight, but the exhaustive number of configurations, implanted at each stage, can modify on-the-fly settings for the final payload, making it harder to understand," ESET researcher Thomas Dupuy added in a report published today.

[Figure: Gelsemium attack flow (ESET)]

Linked to a supply-chain attack targeting gamers

ESET researchers believe that Gelsemium is the APT group that coordinated the supply-chain attack that compromised and abused the update mechanism of the NoxPlayer Android emulator for Windows and macOS (with more than 150 million users) to infect gamers' systems between September 2020 and January 2021.

Luckily, this supply-chain attack (dubbed Operation NightScout) only impacted a limited set of targets in Taiwan, Hong Kong, and Sri Lanka, hinting at the operation's highly targeted nature. This, in itself, makes Gelsemium's attack on NoxPlayer stand out, since not many threat actors go after the gaming community.

"The investigation uncovered some overlap between this supply-chain attack and the Gelsemium group. Victims originally compromised by that supply-chain attack were later being compromised by Gelsemine," ESET's white paper reads. "Unfortunately, we did not observe links as strong as one campaign dropping or downloading a payload that belongs to the other campaign, but we conclude, with medium confidence, that Operation NightScout is related to the Gelsemium group."

Recommended mitigations:

- use only HTTPS to deliver software updates, in order to minimize the risk of domain hijacking and Man-in-the-Middle (MitM) attacks;
- implement file integrity verification using MD5 hashing and file signature checks;
- adopt additional measures, notably encryption of sensitive data, to avoid exposing users' personal information.

As for who is behind the attack, ESET does not know, but it knows who it wasn't. "We discard the possibility that this operation is the product of some financially motivated group," an ESET spokesperson told ZDNet today via email. "We are still investigating, but we have found tangible correlations to a group we internally call Stellera, which we will be reporting about in the near future."

These correlations refer to the three malware strains deployed via malicious NoxPlayer updates, which ESET said contained "similarities" to other malware strains used in a 2018 supply-chain compromise of the Myanmar presidential office website and in an early-2020 intrusion into a Hong Kong university.

This incident is also the third supply-chain attack discovered by ESET over the past two months. The first is the case of Able Desktop, software used by many Mongolian government agencies. The second is the case of the VGCA, the official certificate authority of the Vietnamese government.