
Zero Day Attack Targets SCADA Systems

On June 17, 2010, researchers at VirusBlokAda, an anti-virus software company in Belarus, published a report (.pdf) on a trojan which was specifically designed to target process control server software (commonly referred to as SCADA software) used in critical infrastructure. Further work by Frank Boldewin uncovered a snippet of code (figure 2) which specifically calls the Siemens WinCC SCADA system (figure 1).

Figure 1: Siemens software targeted in this attack

Figure 2: WinCC Code Snippet

This malware is delivered via a USB flash drive which exploits a newly discovered vulnerability (known as a Zero day or 0day) affecting all versions of Windows.
NOTE: If your operating system is Windows XP Service Pack 2 or older, Microsoft no longer supports it and a patch will not be issued.
A technical description of the malware can be found at the following sources:
US CERT: http://www.kb.cert.org/vuls/id/940193
VirusBlokAda: http://anti-virus.by/en/tempo.shtml
F-Secure: http://www.f-secure.com/weblog/archives/00001987.html
—–
This is an abstract of this week’s IntelFusion FLASH Traffic weekly brief. The full article includes the following data:
  • Global coverage broken out by country
  • Siemens business dealings with RF and PRC
  • GreyLogic’s threat analysis identifies 3 key characteristics of this APT attack

Subscription information is available by request.

According to an article in the 14 May 2010 issue of Moscow newspaper “Trud”, the Federal Security Service (FSB) and Ministry of Internal Affairs (MVD) are ramping up efforts to mine the Russian Internet for terrorists planning attacks similar to the Moscow subway bombing:

Slavhost.ru and Ruskyhost.ru provide web hosting services to customers in the Russian Federation. Both domain names (including .com and other TLDs) are registered through a Minnesota company: WebDirect LLC.

GreyLogic has been tracking the investments and connections of Digital Sky Technologies (DST) for almost 12 months.