An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
May 28, 2021 05:29 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZISmcYuf_N4/days-before-a-report-chinese-hackers-removed-malware-from-infected-networks
Days Before a Report, Chinese Hackers Removed Malware From Infected Networks
An anonymous reader shares a report: Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances to breach defense contractors and government organizations in the US and across Europe. The hacking campaign allowed the threat actors -- two groups which FireEye tracks as UNC2630 and UNC2717 -- to install web shells on Pulse Secure devices, which the attackers used to pivot to internal networks from where they stole internal network credentials, email communications, and sensitive documents. But in a follow-up report published today, FireEye said it found something strange -- namely that at least one of the groups involved in the attacks began removing its malware from infected networks three days before its researchers exposed the attacks. "Between April 17th and 20th, 2021, Mandiant incident responders observed UNC2630 access dozens of compromised devices and remove webshells like ATRIUM and SLIGHTPULSE," researchers said on Thursday. The threat actor's actions are highly suspicious and raise questions if they knew of FireEye's probing.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZISmcYuf_N4/days-before-a-report-chinese-hackers-removed-malware-from-infected-networks
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot