After studying the activity of APT33 for a long time, researchers were able to work out how the group manages its infrastructure: a multilayered, compartmentalized system designed to hide the activity of APT33 operators from analysts. The researchers write that there are four layers of protection between APT33 operators and their targets:
However, as it turned out, APT33 never uses commercial VPN servers to hide its location, as other groups do. Instead, the hackers built their own VPN network, since renting a couple of servers and running open-source software (for example, OpenVPN) is not difficult. This VPN setup, however, ultimately made the group easier for researchers to track.
The point is that, as a result, Trend Micro specialists only needed to watch a handful of IP addresses. Had APT33 used commercial VPNs, its activity would easily have been lost among other traffic.
“APT33 probably only uses its VPN exit nodes. We’ve been tracking some of the private output nodes of the VPN group for more than a year, and have listed the IP addresses we know in the table below,” write Trend Micro experts.
Interestingly, the group uses its own VPN not only to connect to botnet control panels, but also for other tasks, including reconnaissance of networks related to the oil industry. Researchers have accordingly seen some of the above IP addresses used for reconnaissance against the networks of an unnamed oil company, military hospitals in the Middle East, and an unnamed oil company in the United States.
Given APT33’s interest in the oil industry (Trend Micro warns that the hackers have also visited sites used to recruit personnel for the oil and gas sector), companies are advised to check their security logs for the listed IP addresses, that is, to make sure that APT33 is not interested in them.
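As an added example (not code from the original article or from Trend Micro), the following Python script performs the check the article recommends: it extracts IPv4 addresses from arbitrary log lines (web server, SSH, firewall) and matches them against a watchlist of single addresses and CIDR blocks. The watchlist entries and log lines are constructed placeholders in RFC 5737 documentation address space, because this page does not reproduce Trend Micro's table; the published addresses would be substituted into WATCHLIST before use.

```python
import ipaddress
import re
from typing import Iterable, List, Tuple

# Hypothetical watchlist: placeholder entries standing in for the IP
# addresses Trend Micro published (this page does not reproduce them).
# RFC 5737 documentation ranges are used so nothing here is a real host.
WATCHLIST = [
    "192.0.2.10",        # placeholder for a single VPN exit node
    "198.51.100.0/28",   # placeholder range covering several exit nodes
]

# Constructed sample log lines, not real telemetry. They mix Apache
# combined format, syslog-style SSH messages and firewall drops to show
# that matching on the address itself is independent of field layout.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Nov/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Nov/2019:10:00:07 +0000] "GET /careers HTTP/1.1" 200 2048',
    'Nov  1 10:00:09 vpn-gw sshd[1234]: Failed password for admin from 198.51.100.7 port 51022 ssh2',
    'Nov  1 10:00:11 fw kernel: DROP IN=eth0 SRC=203.0.113.44 DST=10.0.0.5',
    'Nov  1 10:00:12 fw kernel: DROP IN=eth0 SRC=999.1.1.1 DST=10.0.0.5',  # malformed address, must be ignored
]

# Dotted quad not embedded in a longer digit/dot run (rejects "1.2.3.4.5").
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def compile_watchlist(entries: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Turn watchlist strings (single IPs or CIDR blocks) into networks.

    A bare IP becomes a /32 so every entry is matched the same way.
    strict=False accepts a block whose host bits are set (e.g. 198.51.100.5/28)
    by clearing them instead of raising ValueError.
    """
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def extract_ips(line: str) -> List[str]:
    """Return every syntactically valid IPv4 address found in a log line."""
    found = []
    for candidate in IPV4_RE.findall(line):
        try:
            ipaddress.IPv4Address(candidate)  # rejects octets > 255 such as 999.1.1.1
        except ipaddress.AddressValueError:
            continue
        found.append(candidate)
    return found


def scan_logs(lines: Iterable[str], watchlist: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, matched_ip, watchlist_entry) for every hit.

    Line numbers start at 1 so a hit can be located in the source file.
    """
    nets = compile_watchlist(watchlist)
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for ip in extract_ips(line):
            addr = ipaddress.IPv4Address(ip)
            for net in nets:
                if addr in net:
                    hits.append((lineno, ip, str(net)))
    return hits


if __name__ == "__main__":
    for lineno, ip, entry in scan_logs(SAMPLE_LOG, WATCHLIST):
        print(f"line {lineno}: {ip} matched watchlist entry {entry}")
```

On the constructed sample the scan reports two hits (the web request from the placeholder exit node and the SSH attempt from inside the placeholder range) and ignores the malformed address; for a real investigation the same function can be pointed at lines read from the web server, VPN gateway and firewall logs the article suggests reviewing.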