Security experts are saying that Russian hackers are planning another attack, this time using a sophisticated malware program. Internet security company ESET presented a report that stated that Russian hacker group Fancy Bear is using rootkit malware to hack governments.
This leads them to believe that Fancy Bear aka APT28 might be a bigger threat than initially thought.
The security experts would not name the countries that were going to be hacked. They did, however, mention that some central and eastern European countries and Balkan states were being targeted.
LoJax is the name given to the malware. LoJax is based on LoJack, an anti-theft software. LoJack is controversial because of its ability to stay in the user’s system even after a clean reinstall of the operating system.
Arbor Networks had discovered the LoJack component being used by hackers in the early part of 2018. The hostile command and control server was being controlled by Fancy Bear.
Similar to other rootkits, LoJax embeds itself into a user’s firmware. It starts running when the computer is turned on.
This means that the malware has become part of the flash memory, and removing it completely requires nothing short of a miracle.
ESET confirmed after going through its internal investigation reports that the hackers had been “successful at least once” in coding a vicious program into a computer’s flash memory.
The security company remarked that it was difficult to establish a direct link between the rootkit and the other hacking tools found on the system, but those tools were commonly used by Fancy Bear. They included proxy bypass tools and backdoor entry scripts.
Such programs are typically used by hackers to redirect network data to and from malicious servers.
ESET said it could link the malware to network infrastructure previously used by the hacker group with complete certainty.
Fancy Bear has been involved in cybercrime for more than ten years.
Its magnum opus is the hacking of the Democratic National Committee, spreading fake news and having a major hand in influencing the 2016 US presidential election.
The hackers have also meddled in private affairs of several US senators; they were involved in the French elections as well.
They targeted social media sites such as Twitter and Facebook too. This brought a lot of scrutiny from US senators who decided to investigate the security policies of these tech companies.
The security experts said that there are countermeasures to prevent such cyber-attacks. Since Fancy Bear’s rootkit doesn’t have a proper signature, a computer’s Secure Boot feature could prevent the malware from executing by verifying each component in the boot process before it runs.
This Secure Boot feature can be turned on in the UEFI firmware settings (the BIOS setup screen) before the operating system boots up.
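Turning Secure Boot on is only half the job; a defender also wants to confirm the firmware is actually enforcing it. The script below is an added example, not code from the article or from ESET's report: on a Linux host it parses the efivars records for the standard UEFI variables SecureBoot and SetupMode (the file layout and the EFI global-variable GUID are the documented ones; the sample records in the demo function are constructed).

```python
"""Verify that UEFI Secure Boot is enforcing, using the Linux efivars interface.

Each efivars file holds 4 bytes of variable attributes (little-endian uint32)
followed by the variable data. SecureBoot and SetupMode are one byte each.
Signature checks are only enforced when SecureBoot == 1 AND SetupMode == 0;
a firmware left in Setup Mode still accepts unsigned boot components.
"""
import struct
from pathlib import Path
from typing import Optional

# EFI_GLOBAL_VARIABLE GUID under which SecureBoot/SetupMode are published.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")


def parse_efivar_byte(raw: bytes) -> int:
    """Return the single data byte of an efivars record (attributes + 1 byte)."""
    if len(raw) < 5:
        raise ValueError(f"efivar record too short: {len(raw)} bytes")
    _attributes, = struct.unpack_from("<I", raw, 0)  # NV/BS/RT flags, not needed here
    return raw[4]


def secure_boot_status(secure_boot_raw: Optional[bytes], setup_mode_raw: Optional[bytes]) -> str:
    """Classify the boot policy from raw SecureBoot and SetupMode records."""
    if secure_boot_raw is None:
        return "no-efivars"  # legacy BIOS boot or efivars not mounted: cannot be enforcing
    secure_boot = parse_efivar_byte(secure_boot_raw)
    setup_mode = parse_efivar_byte(setup_mode_raw) if setup_mode_raw is not None else 0
    if secure_boot == 1 and setup_mode == 0:
        return "enforcing"
    if secure_boot == 1 and setup_mode == 1:
        return "setup-mode"  # reported as on, but unsigned code is still accepted
    return "disabled"


def read_efivar(name: str) -> Optional[bytes]:
    """Read a UEFI variable from efivars, or None if it is not exposed."""
    try:
        return (EFIVARS_DIR / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except OSError:
        return None


def host_secure_boot_status() -> str:
    """Status of the machine this script runs on."""
    return secure_boot_status(read_efivar("SecureBoot"), read_efivar("SetupMode"))


if __name__ == "__main__":
    # Constructed records: attributes 0x6 (BS|RT access) followed by the data byte.
    print("demo:", secure_boot_status(b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"))
    print("this host:", host_secure_boot_status())
```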
ESET said that the discovery “serves as a heads-up, especially to all those who might be in the crosshairs of Fancy Bear.”
This news calls for better security reforms, especially when it comes to matters of national security. All top government officials should have at least some knowledge of how computers work.
In this way, they would be better able to handle sensitive data and prevent incidents such as the infamous “Hillary’s leaked emails” fiasco.