Indian Cyber Warfare Capability: Discussions and Infosec news

rone


‘Operations carried out by Chinese hacker groups may be linked to China’s geopolitical objectives’: Microsoft issues statement after seizing 42 malicious sites

In a statement issued by Microsoft, the American multinational organisation said it has seized as many as 42 malicious web domains used by a China-based hacking group called Nickel or APT15.


I hope we have patched vulnerabilities. Hope this attack was avenged.
All I have to say is LOL, because this won't be the first time Indian critical infra came under attack and it won't be the last; the blame game and cover-ups will be funnier in future.
 

Op Kahuta


Many large software companies and online services use the Log4j library, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and many more. Because the library is so popular, some information security researchers expect a significant increase in attacks on vulnerable servers over the next few days.
Well, that explains how PM's account got hacked. Seriously, what kind of SOC does shitter (read Twitter) have, lol? They still haven't updated their library to 2.15.0 (and why were they using the vulnerable version in the 1st place?). And then we have "cybersec exfarts" on shitter saying how PM is gonna protect the nation when his own account got hacked 😑
 

Op Kahuta

Does anyone know if we have a VEP (Vulnerabilities equity process) framework?
 

sorcerer

Cloned version of Indian Army app targets personnel

A cloned version of an official mobile application meant exclusively for Indian Army personnel targeted Android phones with hidden Remote Access Trojan (RAT) attacks.


First identified by the Malware Hunter Team, a platform that identifies malicious software, the cloned app was designed to mimic the official Army Mobile Aadhaar App Network (ARMAAN).

 

Op Kahuta

Cloned version of Indian Army app targets personnel

A cloned version of an official mobile application meant exclusively for Indian Army personnel targeted Android phones with hidden Remote Access Trojan (RAT) attacks.


First identified by the Malware Hunter Team, a platform that identifies malicious software, the cloned app was designed to mimic the official Army Mobile Aadhaar App Network (ARMAAN).
The sample got detected as APT-C-23, but it doesn't make sense cuz they only target the Middle East, especially Palestine. And I find it quite noob-y on their part that they will just have their C2 IP on Pastebin or hardcoded, cuz that will make it easy for threat hunters to shut it down.
 

rone

The sample got detected as APT-C-23, but it doesn't make sense cuz they only target the Middle East, especially Palestine. And I find it quite noob-y on their part that they will just have their C2 IP on Pastebin or hardcoded, cuz that will make it easy for threat hunters to shut it down.
The Pastebin method was first introduced in a Windows RAT called Lime RAT, which was created by a Kuwaiti kid called nyan_cat; then everyone just copy-pasted the same src across all RATs. Most of the new Middle Eastern APT groups' RATs are pretty easy to track down and take down because they are all derived from mostly one or two open-source GitHub RATs.
 


sorcerer

Indian agency CERT-In issues ‘high severity’ advisory for Google Chrome users


According to CERT-In, Google Chrome users should immediately update the Chrome browser to avoid targeted attacks. The agency noted that only Chrome versions prior to 98.0.4758.80 are affected by the vulnerabilities. “These vulnerabilities exist in Google Chrome due to Use after free in Safe Browsing, Reader Mode, Web Search, Thumbnail Tab, Strip, Screen Capture, Window Dialogue, Payments, Extensions, Accessibility, and Cast; Heap buffer overflow in ANGLE; Inappropriate implementation in Full Screen Mode, Scroll, Extensions Platform and Pointer Lock; Type Confusion in V8; Policy bypass in COOP and Out of bounds memory access in V8,” the advisory read.

 

Op Kahuta


Anyone know what he means by "2 layered centrally managed IP backbone"? Some kind of proxy server, is it?
 

Op Kahuta

Maybe he means MPLS Layer 2 VPNs that carry Data/Voice i.e. Data/IP Telephony traffic. (No separate backbone or transport for telephony)
Yeah, that's what I thought cuz MPLS does support VPN. Btw, has any military adopted SD-WAN for their network? Heard it's less expensive than MPLS and offers the same performance and features as that.
 

Cheran

Yeah, that's what I thought cuz MPLS does support VPN. Btw, has any military adopted SD-WAN for their network? Heard it's less expensive than MPLS and offers the same performance and features as that.
I came across this for US Navy:-


Lumen snags SD-WAN contract with U.S. Navy JAG
 

sorcerer

Samsung security breach sees Galaxy source code stolen by hacker group, no personal data


In a statement shared with Bloomberg and SamMobile, Samsung officially confirmed that a hacker group breached company data. The same hacker group is responsible for the recent breach of Nvidia’s private data, and the ongoing threat to post that data online.


well!! bois..
all your base belong to them
 

sorcerer

X POST
Beware! Chinese hackers are using VLC Media Player to spy on you
Shweta Ganjoo




VLC is a fairly popular media player. The fact that it takes minimal space on PCs, loads faster and works with almost every video format makes it a fan favourite. Now, a new report suggests that scammers are using its popularity to launch malware attacks on users.

According to a report by Symantec’s cybersecurity researchers, a state-sponsored Chinese group called Cicada or APT10 is using VLC Media Player on Windows PCs to launch malware for spying on government, legal, religious, telecom, pharmaceutical and non-governmental organisations (NGOs) in countries across the globe, including in Europe, Asia, and North America. The victims of Cicada’s cyber attacks are spread across the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Italy and Japan.

 

not so dravidian

Oil India's Headquarters In Assam Under "Cyber Attack"

The company has filed a case with the Assam Police and has claimed the hackers are 75 lakh dollars.

Earlier, the company said three to four computers were "infected due to malware".

"As a precautionary measure, we had to withdraw many computers system from LAN connection after it has come to the knowledge that three to four computers are infected due to the virus and malwares. Internet connectivity remains restricted, however, this has not impacted any of our servers de-align with production and back-end business operations," said Tridip Hazarika, Public Relations, Corporate Communication, Oil India Ltd, in Duliajan
 
