Thread in comp.mobile.android: Russian GRU clumsy C++ based TOR attack on Android tablets

* Russian GRU clumsy C++ based TOR attack on Android tablets  (Rudolph Rhein)
  `* Re: Russian GRU clumsy C++ based TOR attack on Android tablets  (Jörg Lorenz)
    `- Re: Russian GRU clumsy C++ based TOR attack on Android tablets  (Gunther F)
Russian GRU clumsy C++ based TOR attack on Android tablets

https://www.novabbs.com/computers/article-flat.php?id=44492&group=comp.mobile.android#44492

From: RudolphR...@nospam.net (Rudolph Rhein)
Newsgroups: comp.mobile.android
Subject: Russian GRU clumsy C++ based TOR attack on Android tablets
Date: Thu, 31 Aug 2023 23:06:29 +0300
Organization: A noiseless patient Spider
Message-ID: <ucqrq1$3e25a$1@dont-email.me>

https://therecord.media/ukraine-battlefield-tablets-malware-sandworm-gru-five-eyes-report

Western intelligence and cybersecurity agencies published a report on
Thursday highlighting a collection of hacking tools being used by Russia's
military intelligence service against Android devices operated by the
Ukrainian Armed Forces.

The report, published by Britain's National Cyber Security Centre (NCSC) -
alongside agencies in the United States, Canada, Australia and New Zealand,
who form the Five Eyes intelligence alliance - names the malware "Infamous
Chisel."

It details how the malware enables the GRU to acquire unauthorized access
to compromised devices before scanning files, monitoring traffic and
periodically stealing sensitive information.

"Infamous Chisel is a collection of components which enable persistent
access to an infected Android device over the Tor network, and which
periodically collates and exfiltrates victim information from compromised
devices," explains the report, referencing the technology that anonymizes
internet traffic.

The components making up the malware "are low to medium sophistication and
appear to have been developed with little regard to defence evasion or
concealment of malicious activity," according to the new report.

They lack "basic obfuscation or stealth techniques to disguise activity"
according to the NCSC, although the agency says that the hackers behind the
malware may have assumed this was unnecessary as many Android devices don't
have a host-based detection system.

The report does credit the malware for two interesting techniques,
including how it maintains persistence by replacing the legitimate netd
system binary with a malicious version, and providing the hackers with
remote access to the devices "by configuring and executing Tor with a
hidden service which forwards to a modified Dropbear binary providing a SSH
connection." Dropbear is legitimate open source Unix-based software for
Secure Shell (SSH) servers, which encrypt network traffic.

"These techniques require a good level of C++ knowledge to make the
alterations and an awareness of Linux authentication and boot mechanisms,"
states the report.
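Triage checks for the two techniques the quoted report describes (a replaced netd binary, and a Tor hidden service forwarding to a Dropbear SSH daemon), as an added example that is not part of the original post, the article, or the NCSC report. It hashes a netd binary against a known-good allowlist, parses a torrc for HiddenServicePort forwards, and flags a Dropbear process bound behind the forwarded port. The sample torrc, ps listing, listener map, the placeholder known-good hash, and every function name are constructed for illustration; a real allowlist comes from a pristine firmware image of the same build, and the report's own indicators are not reproduced here.

```python
"""Constructed triage checks for the two Infamous Chisel techniques quoted
above: a replaced netd binary and a Tor hidden service fronting Dropbear SSH.
Example code, not from the post, the article or the NCSC report; all sample
inputs and the allowlisted hash are made up for illustration."""
from __future__ import annotations

import hashlib
import re

# Placeholder allowlist. In practice, populate it with the SHA-256 of
# /system/bin/netd taken from a pristine image of the same firmware build,
# never from the suspect device itself.
KNOWN_GOOD_NETD_SHA256 = {
    hashlib.sha256(b"constructed stand-in for a pristine netd").hexdigest(),
}

# Tor accepts "HiddenServicePort 22 127.0.0.1:2222" and "HiddenServicePort 22 2222".
# Unix-socket targets ("unix:/path") are deliberately not matched here.
_HS_PORT = re.compile(r"^\s*HiddenServicePort\s+(\d+)\s+(?:(\S+):)?(\d+)\s*$", re.M)


def netd_is_tampered(netd_bytes: bytes) -> bool:
    """True when the on-device netd hash is not in the known-good allowlist."""
    return hashlib.sha256(netd_bytes).hexdigest() not in KNOWN_GOOD_NETD_SHA256


def hidden_service_forwards(torrc: str) -> list[tuple[int, str, int]]:
    """Return (virtual_port, target_host, target_port) per HiddenServicePort line."""
    return [
        (int(vport), host or "127.0.0.1", int(lport))
        for vport, host, lport in _HS_PORT.findall(torrc)
    ]


def process_names(ps_output: str) -> set[str]:
    """Collect the NAME column (last field) of `ps -A -o PID,USER,NAME` output."""
    names = set()
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if fields:
            names.add(fields[-1])
    return names


def triage(netd_bytes: bytes, torrc: str, ps_output: str,
           listeners: dict[int, str]) -> list[str]:
    """Combine the three checks. `listeners` maps a local TCP port to the
    process bound to it, as collected with netstat/ss on the device."""
    findings = []
    if netd_is_tampered(netd_bytes):
        findings.append("netd: SHA-256 not in known-good set (possible replaced binary)")
    for name in sorted(process_names(ps_output)):
        if "dropbear" in name.lower():
            findings.append(f"process: {name} running (stock Android ships no SSH daemon)")
    for vport, host, lport in hidden_service_forwards(torrc):
        owner = listeners.get(lport, "<no listener>")
        findings.append(f"tor: hidden service port {vport} -> {host}:{lport} (bound by {owner})")
    return findings


# --- constructed sample artefacts, not real device output -------------------
SAMPLE_NETD = b"\x7fELF... not the pristine image"
SAMPLE_TORRC = """\
# constructed torrc
SocksPort 0
HiddenServiceDir /data/local/tmp/.hs
HiddenServicePort 22 127.0.0.1:2222
"""
SAMPLE_PS = """\
PID USER NAME
1 root init
512 root netd
2077 root tor
2081 root dropbear
"""
SAMPLE_LISTENERS = {2222: "dropbear", 9050: "tor"}


def demo() -> list[str]:
    """Run the triage over the constructed artefacts; returns three findings."""
    return triage(SAMPLE_NETD, SAMPLE_TORRC, SAMPLE_PS, SAMPLE_LISTENERS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The hash comparison is the only check that does not depend on the attacker being sloppy: a netd that was rebuilt from modified source will not match any build hash, whatever it is named. The process and torrc checks rely on the lack of concealment the report describes and would be the first thing a more careful actor removed.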

Re: Russian GRU clumsy C++ based TOR attack on Android tablets

https://www.novabbs.com/computers/article-flat.php?id=44494&group=comp.mobile.android#44494

From: hugyb...@gmx.net (Jörg Lorenz)
Newsgroups: comp.mobile.android
Subject: Re: Russian GRU clumsy C++ based TOR attack on Android tablets
Date: Thu, 31 Aug 2023 22:46:23 +0200
Organization: Camembert Normand au Lait Cru
Message-ID: <ucqu6v$ganp$1@solani.org>
References: <ucqrq1$3e25a$1@dont-email.me>

On 31.08.23 at 22:06, Rudolph Rhein wrote:
> https://therecord.media/ukraine-battlefield-tablets-malware-sandworm-gru-five-eyes-report
>
> Western intelligence and cybersecurity agencies published a report on
> Thursday highlighting a collection of hacking tools being used by Russia's

Do we really need internet relays? My Google still works.

--
Alea iacta est

Re: Russian GRU clumsy C++ based TOR attack on Android tablets

https://www.novabbs.com/computers/article-flat.php?id=44497&group=comp.mobile.android#44497

From: grunt...@nospam.edu (Gunther F)
Newsgroups: comp.mobile.android
Subject: Re: Russian GRU clumsy C++ based TOR attack on Android tablets
Date: Thu, 31 Aug 2023 15:25:04 -0600
Organization: To protect and to server
Message-ID: <ucr0dd$k557$1@paganini.bofh.team>
References: <ucqrq1$3e25a$1@dont-email.me> <ucqu6v$ganp$1@solani.org>

Jörg Lorenz <hugybear@gmx.net> said:

> My google still works.

For the retarded moron you are, it's surprising you can even spell Google.
