Security Experts Develop New ‘Fingerprinting’ Technique to Link Russian Hacking Groups to Windows Exploit Sellers
October 3, 2020

by admin


Security researchers developed a new technique to track hackers through their “fingerprints.” They were able to link Windows local privilege escalation (LPE) exploits to two different authors.


The researchers believe that the Windows exploit sellers previously sold their creations to Russian advanced persistent threat (APT) groups and other clients. According to cybersecurity firm Check Point’s blog post, the new strategy grew out of a customer incident response, in which a small 64-bit executable was found during the cyber attack.


The team analyzed the file and found unique debug strings that pointed to an attempt to exploit a vulnerability on one of the target machines. A leftover PDB path (…\cve-2019-0859\x64\Release\CmdTest.pdb) was discovered in the file, which indicated the use of a real-world exploit tool.

The security researchers decided to use the new technique to “fingerprint” recognizable, unique identifiers that can be attributed to the work of specific exploit developers. Check Point then obtained another file, this one 32-bit, which turned out to be compiled work by the same individual.

The security researchers also analyzed the cybercriminals’ elevation techniques. 

Check Point researchers also studied unique artifacts in internal file names, binary code, PDB paths, and hardcoded values, such as crypto constants. They also analyzed the garbage values, string usage, data tables, syscall wrappers, and code snippets.
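The PDB-path artifact described above lends itself to a simple clustering check. The following Python is an added example, not Check Point's tooling or hunting rules: it scans raw file bytes for CodeView `RSDS` debug records, reduces each PDB path to build-habit traits, and reports the traits shared by two or more samples. The sample bytes, paths, file names, GUIDs and trait labels are all constructed for illustration.

```python
import re
import struct
from collections import defaultdict

# CodeView PDB 7.0 debug record: "RSDS" + 16-byte GUID + 4-byte age + NUL-terminated path.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{1,260}?\.pdb)\x00", re.DOTALL)
DEFAULT_DIRS = {"release", "debug", "x64", "x86", "win32"}  # stock Visual Studio output folders

def pdb_records(blob):
    """Return (guid_hex, age, pdb_path) for every RSDS record found in raw file bytes."""
    return [(m.group(1).hex(), struct.unpack("<I", m.group(2))[0], m.group(3).decode("ascii"))
            for m in RSDS.finditer(blob)]

def path_features(pdb_path):
    """Reduce a PDB path to traits of the author's build habits (labels are this example's own)."""
    parts = [p.lower() for p in re.split(r"[\\/]+", pdb_path) if p]
    feats = {"pdb-name:" + parts[-1]}
    for d in parts[:-1]:
        if re.fullmatch(r"cve-\d{4}-\d{4,7}", d):
            feats.add("project-dir-named-after-cve")  # naming habit, independent of the CVE number
        elif d not in DEFAULT_DIRS and not re.fullmatch(r"[a-z]:", d):
            feats.add("dir:" + d)  # non-default directory names are distinctive
    return feats

def shared_traits(samples):
    """Map each trait seen in two or more samples to the sorted sample names carrying it."""
    seen = defaultdict(set)
    for name, blob in samples.items():
        for _guid, _age, path in pdb_records(blob):
            for feat in path_features(path):
                seen[feat].add(name)
    return {f: sorted(n) for f, n in seen.items() if len(n) > 1}

def constructed_sample(pdb_path, guid):
    """Build stand-in file bytes containing one RSDS record (not a real PE)."""
    return b"MZ" + b"\x00" * 62 + b"RSDS" + guid + struct.pack("<I", 1) + pdb_path.encode() + b"\x00\xcc"

# Constructed inputs: paths, names and GUIDs are invented for this example.
SAMPLES = {
    "a_x64.bin": constructed_sample(r"D:\proj\cve-2000-0001\x64\Release\DemoTool.pdb", b"\x11" * 16),
    "b_x86.bin": constructed_sample(r"D:\proj\cve-2000-0002\Release\DemoTool.pdb", b"\x22" * 16),
    "c_other.bin": constructed_sample(r"C:\Users\dev\src\updater\Release\updater.pdb", b"\x33" * 16),
}

if __name__ == "__main__":
    for trait, names in sorted(shared_traits(SAMPLES).items()):
        print(trait, "->", names)
```

A shared PDB path trait is only a lead: the path is trivially stripped or forged, so it should be corroborated with the code-level artifacts listed above before two samples are attributed to one author.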


The team also analyzed the hacker’s preferred elevation and leaking techniques, including whether or not heap spraying was used. They also investigated the general process of the exploits.

The two small binaries, in turn, led to a flow of new samples, all of which were found using the newly established Check Point hunting rules. The security experts then examined the new samples and analyzed the techniques used, allowing them to identify two exploit sellers.


This article is owned by TechTimes,

Written by: Giuliano de Leon.

ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.




