Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124


Hudson Rock said the attackers proceeded to “compromise SSL VPN authentication hashes and compromise them using a large 45-GPU cluster managed through Hashtopolis.” From there, they used the GPU cluster to crack the hashes, meaning they tried a large number of password combinations until they found the right one. These passwords allow the attackers to move laterally and compromise Active Directory and other central authentication systems.
“This dangerous approach has led to serious, real problems,” Hudson Rock said. “Diachenko’s research has confirmed total disparity in many organizations in Japan, Taiwan, Vietnam, Iraq, and Turkey. Most alarmingly, this includes Turkey’s NATO defense contractor where defense documents were successfully released by the group.”
In the interview, Diachenko made a brief statement. “Scale is a problem,” he said.
The scale didn’t stop there. The attackers used the cluster to run a “recursive, 12-level recursive strategy”. In other words, there wasn’t just a single dictionary run. Password candidates were built from dictionaries containing up to eight words, common keyboard patterns, and mangling rules. The results of every step were fed back into the process: if a guess was successful, the password was returned as a seed to generate more candidates. In other words, the cracking strategy got better with every successful guess.
“They were very smart about it,” the researcher said.
This sophistication contrasts sharply with the attackers’ operational security: they left artifacts behind on the server they used. In hacking circles, such lapses are considered basic mistakes.
Hudson Rock said that the top countries where the affected devices were found were India, the US, Taiwan, Mexico, Turkey, and Thailand. The top industries affected are IT services, construction materials, telecommunications, construction and engineering, industrial equipment, and financial services. Other companies whose data appeared in the database include Foxconn, Samsung, Comcast, Siemens, PwC, and Accenture. Hudson Rock said the database lists thousands more, including major government agencies and essential service providers.
Firewalls have become a popular entry point for hackers. These devices accept connections from the Internet, sit at the edge of the network, and can access important information within it.
The links above list several steps that users of Fortinet firewalls should take to keep their networks secure. Because the data has been available to cybercriminals and other potentially dangerous people who, like Diachenko, were able to obtain it, the risk is high.