BF-SIRT Newsletter 2018-07

November 8, 2018 / in Newsletter / by johan_kan

NCC Group rebuilt NotPetya, replacing its destructive payload with telemetry and safeguards to see what the impact could have been. They found the following:

The customer ran it on one machine in their engineering network with no privileges.
It found three machines unpatched.
It exploited those three machines to obtain kernel-level access.
It infected those three machines.
Within ten minutes it had gone through the entire engineering network using recovered/stolen credentials.
It then took the domain about two minutes later.
107 hosts were owned in roughly 45 minutes before the client initiated the kill and remove switch.

Top 5 Security links

A rebuilt NotPetya gets its first execution outside of the lab
Cryptomining script poisons government websites – What to do
Hackers Exploit ‘Telegram Messenger’ Zero-Day Flaw to Spread Malware
Winter Olympics network outages blamed on unexplained cyberhack
UK names Russia as source of NotPetya, USA follows suit