@Talkback Resources
//
Cybersecurity researchers have unveiled advanced obfuscation tactics employed by APT28, a Russian state-sponsored threat actor, in their HTA Trojan. The investigation focuses on espionage campaigns targeting Central Asia and Kazakhstan diplomatic relations, revealing intricate multi-layer obfuscation strategies designed to evade detection. The analysis highlights the use of Microsoft’s VBE technique within HTA files as a core component of APT28’s malware delivery mechanism. This encoding method, facilitated by the Windows Script Encoder, transforms VBScript and JavaScript files into obfuscated formats that remain executable while concealing their true functionality.
The investigation uncovered that the malware leverages Windows’ vbscript.dll to generate embedded strings dynamically during execution. By analyzing these strings and their interaction with memory addresses, researchers were able to reconstruct the original VBScript payload hidden within the HTA file. Using publicly available tools like “vbe-decoder.py,” they successfully deobfuscated the encoded scripts, exposing the final malicious payload designed for espionage activities. This discovery underscores the need for robust malware analysis capabilities and proactive threat intelligence sharing within the cybersecurity community. References :
Classification:
@go.theregister.com
//
The US Government's Office of Personnel Management (OPM) is facing a lawsuit over the hasty implementation of a new federal email system. Two anonymous employees have filed a complaint in a Washington DC district court, alleging that the rapid rollout, spearheaded by the Trump administration, violated the E-Government Act of 2002. The complaint claims that the OPM established a single email address, HR@opm.gov, intended for direct communication with all civilian federal employees, bypassing the usual procedures where OPM works with agencies and departments. This centralized system has raised concerns, with some speculating its primary use might be to facilitate mass firings.
At the center of the controversy is a lone, on-premises server allegedly set up quickly on the OPM network to handle the central email inbox. Crucially, a privacy impact assessment, mandated by law, was not completed or published before deployment. This assessment is meant to ensure that any staff data on the machine is protected. The lawsuit claims this oversight was intentional and willful, drawing parallels to a significant 2014 cyberattack where 20 million records were stolen from the same OPM. The agency's handling of this new system, especially given its history, has raised eyebrows and fueled fears of another potential cyber disaster. References :
Classification:
|