Tech News

Researchers obtain a command server used by North Korean hacker group – TechCrunch

In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year.

The server was used to deliver a malware campaign known as Operation Sharpshooter, which targeted governments, telecoms, and defense contractors and was first uncovered in December. The hackers sent a malicious Word document by email that, when opened, would run macro code to download a second-stage implant, dubbed Rising Sun, which the hackers used to conduct reconnaissance and steal user data.

The Lazarus Group, a hacker group linked to North Korea, was the prime suspect given the overlap with similar code previously used by hackers, but a connection was never confirmed.

Now, McAfee says it’s confident enough to make the link.

“This was a unique first experience in all my years of threat research and investigations,” Christiaan Beek, lead scientist and senior principal engineer at McAfee, told TechCrunch in an email. “In having visibility into an adversary’s command-and-control server, we were able to uncover valuable information that led to more clues to investigate,” he said.

The move was part of an effort to better understand the threat from the nation state, which has in recent years been blamed for the 2016 Sony hack and the WannaCry ransomware outbreak in 2017, as well as more targeted attacks on global businesses.

In new research out Sunday and seen by TechCrunch, the security firm’s examination of the server code revealed that Operation Sharpshooter was operational far longer than first believed, dating back to September 2017, and targeted a broader range of industries and countries, including financial services and critical infrastructure in Europe, the U.K. and the U.S.

The modular command and control structure of the Rising Sun malware. (Image: McAfee)

The research showed that the server, operating as the malware’s command and control infrastructure, was written in the PHP and ASP web languages, which are used for building websites and web-based applications, making it easily deployed and highly scalable.

The back-end has several components used to launch attacks on the hackers’ targets. Each component has a specific role, such as the implant downloader, which hosts and pulls the implant from another downloader; and the command interpreter, which operates the Rising Sun implant through an intermediate hacked server to help hide the wider command structure.

The researchers say that the hackers use a factory-style approach to building Rising Sun, a modular type of malware that was pieced together from different components over several years. “These components appear in various implants dating back to 2016, which is one indication that the attacker has access to a set of developed functionalities at their disposal,” said McAfee’s research. The researchers also found a “clear evolutionary” path from Duuzer, a backdoor used to target South Korean computers as far back as 2015, and also part of the same family of malware used in the Sony hack, also attributed to North Korea.

Although the evidence points to the Lazarus Group, the log files show a batch of IP addresses purportedly from Namibia, which researchers can’t explain.

“It is quite possible that these unobfuscated connections may represent the locations that the adversary is operating from or testing in,” the research said. “Equally, this could be a false flag,” such as an effort to cause confusion in the event that the server is compromised.

The research represents a breakthrough in understanding the adversary behind Operation Sharpshooter. Attribution of cyberattacks is difficult at best, a fact that security researchers and governments alike recognize, given malware authors and threat groups share code and leave red herrings to hide their identities. But obtaining a command and control server, the core innards of a malware campaign, is telling.

Even if the goals of the campaign are still a mystery, McAfee’s chief scientist Raj Samani said the insight will “give us deeper insights in investigations moving forward.”

Tech News

M1 MacBook Pro with 8GB, 16GB RAM show surprising benchmark results

Apple’s M1 Silicon has definitely been hogging the computing news spotlight these past weeks, most of them comparing its performance with Intel’s chips. Not all M1 Macs are the same, of course, and not just counting the difference between an M1 MacBook Air and an M1 MacBook Pro. Even the MacBook Pro (Late 2020) offers two slightly different models with different RAM capacities. Thankfully, someone took the time to benchmark these two variants, and the results might surprise you a bit.

It’s probably logical to assume that an M1 MacBook Pro with 16GB of RAM will outperform one with only 8GB of RAM and that may be true in some cases. It is, however, a simplistic view which could end up literally costing you when you decide which model to pick. Even benchmark tests don’t give the full picture and you have to take them into context.

YouTube channel Max Tech puts these two M1-powered MacBook Pros through a series of tests and, depending on what’s being tested, the performance difference between the two isn’t that stark. For activities that require more memory, like exporting an 8K R3D RAW to 4K, it’s only natural that the 16GB RAM configuration would finish faster. For more CPU-intensive tasks, however, the 8GB RAM model isn’t that far behind.

The real loser in these tests, unsurprisingly, is Intel once again. The benchmarks put an Intel Core i9 MacBook Pro with 32GB of RAM and a 2020 iMac with 16GB of RAM to be almost in the same ballpark as the M1 MacBook Pro with 16GB of RAM. Considering the Intel-powered Macs cost twice or thrice as much, the result is almost embarrassing for Intel.

The benchmarks aren’t exactly a glowing recommendation of the 8GB RAM M1 MacBook Pro, just that, for most use cases, it would be enough. As always, buyers have to keep in mind what they intend to use the MacBook Pros for in the long run but they can rest assured knowing that even the more affordable model is no slouch.

Tech News

Intel boasts battery performance superiority over AMD in Intel tests

Intel has taken quite a beating this year, from AMD’s unwavering onslaught to the damning benchmarks of the Apple Silicon M1. The launch of its 11th-gen Tiger Lake processors for laptops has seemingly been pushed to the sidelines as a consequence and it is looking for ways to get back into the spotlight. What better way to do that than by calling out its eternal rival AMD over the latter’s battery performance and, sure enough, the benchmarks run by Intel show it having the upper hand in that particular use case.

Intel has traditionally dominated the desktop market where towering computers had less concern about power draw and thermal management. These days, however, laptops dominate the market, and battery life and heat dissipation have become just as or even more important than raw performance. Unfortunately for Intel, these have been areas where its mobile processors have not delivered to users’ satisfaction.

In its latest marketing push, Intel addresses at least one of those concerns, specifically the performance of its new Tiger Lake processors based on its Evo platform when the laptop is running solely on battery power. It pits its 11th-gen processors with laptops running on AMD’s Ryzen 4000 series to see which of the two sets squeezes the most out of battery power. Considering who’s running the tests and presenting the results, the outcome is unsurprising.

Although it concedes that AMD’s chips score better in battery life benchmarks, Intel also points out its own CPUs’ better and more consistent output when it comes to actual data and number crunching. It also takes note of a rather odd behavior from AMD’s processors where the CPUs delay burst and responsiveness for about 10 seconds. It also unsurprisingly calls out the inconsistency of the results from Cinebench, its least favorite suite.

Battery performance is, of course, just a single part of the picture and Intel has reportedly forbidden press from testing and talking about battery life, that other area where its chips have been notoriously weak. Intel has also so far remained silent on benchmark comparisons with Apple’s shiny new ARM-based M1 but it is probably choosing its battles where it has a slight chance of succeeding.

Tech News

HomePod mini owners report random Internet connectivity problems

Apple was terribly late to the smart speaker party and even when the HomePod finally landed, it was initially a disappointment when it came to Siri’s usefulness and control of smart home appliances. It definitely got better over time but its competitors have moved on to bigger and smaller smart speakers. At long last, Apple finally bit back with the HomePod mini but the smart speaker is reportedly giving new owners more headaches than the $99 speaker is worth because of intermittent and inexplicable Internet connection problems.

A smart speaker is smart precisely because of how it connects to the Internet and other Internet-connected devices at home or elsewhere. While it might be possible to do things from a local network only, there are actions that only work if you have an active Internet connection. Without that, a smart speaker is just an overpriced speaker.

Unfortunately, that is exactly the experience that a number of owners are reporting with their new smart balls. They all report getting the same response from Siri when asking it to do something: “I am having trouble connecting to the Internet”. Unfortunately, the large HomePod doesn’t seem to experience the same issue so it’s definitely not the case.

Even worse, no fix seems to be available for the issue. Users have reported trying all possible methods, including those advised by Apple, from resetting the speaker to even resetting their routers. If the HomePod mini started working again, it would only be for a day at most.

The one silver lining is that all HomePod minis are naturally still covered by their warranties but that doesn’t exactly explain why it’s happening in the first place. At this point, it could either be a software problem or, worse, a hardware one, and the latter is definitely harder to fix, especially on your own.
