Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Zebrocy targets Yandex Browser, Chromium and versions of Microsoft Outlook

Zebrocy targets Yandex Browser, Chromium and versions of Microsoft Outlook

  • The first set of commands collect information about the victim’s system and environment.
  • The attackers behind Zebrocy drop dumpers on victims’ computers in order to collect login credentials and private keys from web browsers including Yandex Browser, Chromium, 7Star Browser, CentBrowser, and versions of Microsoft Outlook from 1997 through 2016.

Security researchers observed that attackers behind Zebrocy run commands manually to collect login credentials and private keys from web browsers and email clients.

The big picture

In late August 2018, the Sofacy group, also known as Fancy Bear, Sednit, or STRONTIUM launched a spearphishing email campaign that distributed shortened URLs which delivered the first stage of Zebrocy components.

  • The shortened URL redirects victims to an IP-address-based URL, where the archived payload is located.
  • The archive includes two files – an executable file and a decoy PDF document.
  • The PDF document appears to be empty, however, the downloader runs in the background.
  • The stage-1 downloader downloads a C++ based new downloader, which in turn downloads a Delphi-based Zebrocy downloader after the creation of an ID.

The Delphi-based Zebrocy downloader is split into four different hex-encoded, encrypted blobs that contain different parts of the configuration.

Backdoor capabilities

Once the backdoor communicated about its newly compromised machine, attackers take control of the backdoor and start sending commands manually.

  • The first set of commands collect information about the victim’s system and environment.
  • These commands don’t have any arguments.
  • The next set of commands are executed immediately after the backdoors are activated.
  • The attackers behind Zebrocy drop dumpers on victims’ computers in order to collect more information.
  • These dumpers collect login credentials and private keys from web browsers including Yandex Browser, Chromium, 7Star Browser (a Chromium-based browser), CentBrowser, and versions of Microsoft Outlook from 1997 through 2016.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket