Threat Alert: OPM Tools
ByCheck Point Threat Intelligence & Research Team
EXECUTIVE SUMMARY -The breach in the U.S. Office of Personnel Management (OPM) had compromised the personal information of millions of Americans. -There were two attacks by suspected Chinese hackers on personnel data and applications for security clearances. -The massive data breach is now believed to have affected well over 10 million separate users. -This alert lists the tools used in these attacks as well as Check Point coverage for these tools. DESCRIPTION FBI Alert Summary
- The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and Personally Identifiable Information (PII).
- Information obtained from victims indicates that PII was a priority target. The FBI notes that stolen PII has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups.
- Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation.
Technical Details
- Groups responsible for these activities have been observed across a variety of intrusions leveraging a diverse selection of tools and techniques to attempt to gain initial access to a victim, including using credentials acquired during previous intrusions. These groups have also been observed compromising using the technique of DNS hijacking facilitated through the compromise of DNS registrars.
- The Remote Access Tools (RAT) used in those attacks include: Sakula, FF RAT, Trojan.IsSpace and Trojan.BLT.
CHECK POINT COVERAGE Check Point protects its customers from these tools with the Anti Bot and Anti-Virus blades, which include relevant signatures and indicators, among them:
- Trojan.Win32.Sakula.*
- Trojan.Win32.BLT.*
REFERENCES
You may also like
Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally
Recurring increase in cyber attacks: Q1 2024 saw a marked ...
Not So Private After All: How Dating Apps Can Reveal Your Exact Location
Check Point Research (CPR) recently analyzed several popular dating applications ...
Agent Tesla Targeting United States & Australia: Revealing the Attackers’ Identities
Highlights Check Point Research (CPR) uncovered three recent malicious campaigns ...
Beyond Imagining – How AI is actively used in election campaigns around the world
Key Findings AI is already extensively utilized in election campaigns ...