A few days ago I had the pleasure to interview one of the “The Iceman Group” member. I will publish more details soon.
Halfway through May ‘17, Kaspersky Labs revealed an unprecedented DNS attack on an unnamed Brazilian Bank on October 16’.
The attackers, it seems, took control of every DNS in the bank’s network, and by doing so - were able to reroute all bank related traffic through their own malicious servers. The attack lasted for 6 hours, in which countless records of valuable and private client information were leaked into the attacker’s hands.
Now, an individual reveals that the group standing behind this attack was “The Iceman Group”, a rising group in the world of Financial Hacking.
As for now, this is their only known attack, as most attacks apparently carried out by this group have yet been disclosed to the public. However, one of the member of the group have revealed a few details about their attack.
He revealed that “The Iceman Group” started their attack by aiming at the NIC.BR service - the one from which all Brazilian domains get their redirections. From this point on, finding and infecting the DNS servers of the said bank - now revealed to be Banrisul Bank - was a much easier task.
After the successful redirection of the DNS Records of the bank, Iceman turned their own servers into complete replicas of the Bank’s Services. SSL encryption of the traffic aimed for the replica servers was done by tricking the site “Let’s Encrypt” into believing The Iceman’s control over the servers was legit. The individual of the group claims that the group have used an inside access to several bank’s employees email accounts in order to deceive “Let’s Encrypt” company.
Throughout the 6 hours the attack lasted, every login attempt into the bank was transferred through the Iceman Group.
“Let this be a slight warning for you all finance crooks”, those were his last words.
A full interview will be published soon.
Halfway through May ‘17, Kaspersky Labs revealed an unprecedented DNS attack on an unnamed Brazilian Bank on October 16’.
The attackers, it seems, took control of every DNS in the bank’s network, and by doing so - were able to reroute all bank related traffic through their own malicious servers. The attack lasted for 6 hours, in which countless records of valuable and private client information were leaked into the attacker’s hands.
Now, an individual reveals that the group standing behind this attack was “The Iceman Group”, a rising group in the world of Financial Hacking.
As for now, this is their only known attack, as most attacks apparently carried out by this group have yet been disclosed to the public. However, one of the member of the group have revealed a few details about their attack.
He revealed that “The Iceman Group” started their attack by aiming at the NIC.BR service - the one from which all Brazilian domains get their redirections. From this point on, finding and infecting the DNS servers of the said bank - now revealed to be Banrisul Bank - was a much easier task.
After the successful redirection of the DNS Records of the bank, Iceman turned their own servers into complete replicas of the Bank’s Services. SSL encryption of the traffic aimed for the replica servers was done by tricking the site “Let’s Encrypt” into believing The Iceman’s control over the servers was legit. The individual of the group claims that the group have used an inside access to several bank’s employees email accounts in order to deceive “Let’s Encrypt” company.
Throughout the 6 hours the attack lasted, every login attempt into the bank was transferred through the Iceman Group.
“Let this be a slight warning for you all finance crooks”, those were his last words.
A full interview will be published soon.
Comments
Post a Comment