Skip to main content

Posts

Showing posts from December 17, 2019

Bayerische Motoren Werke (BMW) Hacked by -OceanLotus APT Hackers Group Penetrate the BMW Networks

A well-known APT Hackers group “OceanLotus” breach the automobile giant BMW network, and successfully installed a hacking tool called “Cobalt Strike” which help them to spy and remotely control the system. Security experts from BMW spotted that hackers penetrate the company network system and remain stayed active since March 2019. The OceanLotus APT group believed to be active on behalf of the State of Vietnam, and they mainly focus on the automobile industry. GBHackers previously  reported  various high profile malware attacks involved by the OceanLotus APT group around the globe since 2014, and the threat group targets private sectors across multiple industries, foreign governments. Last weekend, security experts from BMW take down the hacked computers and blocked the path that was used by hackers to penetrate the network. Florian Roth @cyb3rops BMW hacked by # OceanLotus in spring 2019 - used CobaltStrike - no evidence that they had acces...

Windows 0 - Day Exploit CVE-2019-1458 widly used by Hackers in Operation WizardOpium Cyber Attacks

Researchers discovered a  newly patched Windows Zero-day vulnerability  exploit already used in Operation WizardOpium attacks along with Chrome Zero-day exploit in last month. The attack was initially observed by Kaspersky researchers who have already uncovered a Google Chrome 0-day exploit that was used in the part of the attack. Further detailed investigation revealed that the exploit for Google Chrome embeds a 0-day EoP exploit ( CVE-2019-1458 ) that is used to gain higher privileges on the infected machine and also escape the Chrome process sandbox. Researchers observed the 2 different stages in EoP exploit, one is a tiny PE loader and another one is an actual exploit. Kaspersky products detect this exploit with the verdict PDM: Exploit.Win32.Generic. EoP exploit indicates that the vulnerability it used belongs to the win32k.sys driver and that the EoP exploit was the 0-day exploit, and it was confirmed by the researchers when they have tested with an exp...