CyberSecurity news


@Talkback Resources //
Cybersecurity researchers have unveiled advanced obfuscation tactics employed by APT28, a Russian state-sponsored threat actor, in its HTA Trojan. The investigation focuses on espionage campaigns targeting diplomatic relations in Central Asia and Kazakhstan, revealing intricate multi-layer obfuscation strategies designed to evade detection. The analysis highlights the use of Microsoft’s VBE technique within HTA files as a core component of APT28’s malware delivery mechanism. This encoding method, produced by the Windows Script Encoder, transforms VBScript and JavaScript files into obfuscated forms that remain executable while concealing their true functionality.

The investigation uncovered that the malware leverages Windows’ vbscript.dll to generate embedded strings dynamically during execution. By analyzing these strings and their interaction with memory addresses, researchers were able to reconstruct the original VBScript payload hidden within the HTA file. Using publicly available tools like “vbe-decoder.py,” they successfully deobfuscated the encoded scripts, exposing the final malicious payload designed for espionage activities. This discovery underscores the need for robust malware analysis capabilities and proactive threat intelligence sharing within the cybersecurity community.



References:
  • Virus Bulletin: Cisco Talos researcher Joey Chen describes how Lotus Blossom uses Sagerunex and other hacking tools for post-compromise activities. The espionage operation targets government, manufacturing, telecommunications & media organizations from Philippines, Vietnam, Hong Kong & Taiwan.
  • gbhackers.com: Lotus Blossom Hacker Group Uses Dropbox, Twitter, and Zimbra for C2 Communications
  • Talkback Resources: Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
  • www.cysecurity.news: Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations
  • Cyber Security News: Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics in Detail
  • gbhackers.com: Researchers Unveil APT28’s Advanced HTA Trojan Obfuscation Tactics
  • securityaffairs.com: Chinese Lotus Blossom APT targets multiple sectors with Sagerunex backdoor
@go.theregister.com //
The US Government's Office of Personnel Management (OPM) is facing a lawsuit over the hasty implementation of a new federal email system. Two anonymous employees have filed a complaint in a Washington DC district court, alleging that the rapid rollout, spearheaded by the Trump administration, violated the E-Government Act of 2002. The complaint claims that the OPM established a single email address, HR@opm.gov, intended for direct communication with all civilian federal employees, bypassing the usual procedures where OPM works with agencies and departments. This centralized system has raised concerns, with some speculating its primary use might be to facilitate mass firings.

At the center of the controversy is a lone, on-premises server allegedly set up quickly on the OPM network to handle the central email inbox. Crucially, a privacy impact assessment, mandated by law, was not completed or published before deployment. This assessment is meant to ensure that any staff data on the machine is protected. The lawsuit claims this oversight was intentional and willful, drawing parallels to a significant 2014 cyberattack where 20 million records were stolen from the same OPM. The agency's handling of this new system, especially given its history, has raised eyebrows and fueled fears of another potential cyber disaster.



References:
  • ciso2ciso.com: The curious story of Uncle Sam’s HR dept, a hastily set up email server, and fears of another cyber disaster – Source: go.theregister.com
  • go.theregister.com: The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster
  • Pyrzout :vm:: The curious story of Uncle Sam’s HR dept, a hastily set up email server, and fears of another cyber disaster – Source: go.theregister.com
  • The Register: The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings
  • Pyrzout :vm:: The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster
Classification:
  • HashTags: #cybersecurity #usgovernment #emailsecurity
  • Company: US Government
  • Target: US Government
  • Product: email server
  • Feature: email server
  • Type: Vulnerability
  • Severity: Major