6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak

  /     /     /  
Publicated : 22/11/2024   Category : security


6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak


Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.



Turns out that in May, David Vincenzetti, CEO of Italian surveillance company Hacking Team, filed complaints against six former employees accusing them of revealing proprietary source code. Now, Milan police are investigating those same individuals for the breach and doxing attack against Hacking Team this month, and have combined the two investigations.
Security researchers have described the companys flagship software, Remote Control System (RCS), the latest version of which is called Galileo, as simply legal spyware. Researchers at Malwarebytes last week called it basically nothing more than a Remote Access Trojan -- and quite a sophisticated one, with rich features and a BIOS rootkit.
Although Vincenzetti assured reporters last week that only part of the RCS code had been revealed in the attack, researchers at SensePost
reported Thursday
that they got RCS up and running.
Leaked emails also revealed that Hacking Team created a tactical network injector (TNI), which is a  piece of hardware ... designed to insert malicious code into Wi-Fi network communications, potentially acting as a malicious access point to launch exploits or man-in-the-middle attacks that was ruggedized and transportable by drones, according to
a report in Ars Technica
.
The emails included discussions between employees at Hacking Team and those at Insitu, a subsidiary of Boeing that manufacturers unmanned aircraft about a potentially integrating [a] WiFi hacking capability into an airborne system.
In addition to the RCS source code, a pile of critical vulnerabilities -- with detailed how-to documents to help Hacking Team customers exploit them -- were exposed in the breach, including several zero-days in Adobe Flash which were then wrapped into exploit kits. 
FireEye has discovered that one of the Flash vulnerabilities, CVE-2015-5122, was used to compromise two Japanese websites then launch further attacks against other Japanese targets,
the company disclosed Sunday
. Visitors to the compromised International Hospitality and Conference Service Association site were redirected to the compromised Cosmetech, Inc. site, where they were hit with a malicious .SWF file, which would in turn drop the SOGU (a.k.a. Kaba) malware, a backdoor commonly used by Chinese threat actors.
Researchers believe this may be a new SOGU variant -- it was using a previously unknown command-and-control server and a modified DNS TXT record beaconing with an encoding we have not previously observed with SOGU malware, along with a non-standard header.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak