The virus that was transmitted to the victims allows hackers to access a wide range of data. It can provide access to all aspects of the system, search through running processes, and download files on command, all of which increase the potential for abuse. Such covert operations are not unusual, but this one appears to have been large-scale.
Cicada Hacking Group Uses VLC for Launching Cyberattacks
This espionage campaign, which involves the popular VLC Media Player, appears to have begun. The targets include a wide spectrum of entities involved in legal, governmental, or religious activity, according to a report by Bleeping Computer. Non-governmental organizations (NGOs) have also been singled out for attack. Perhaps much more astonishing is the fact that these attacks have been extended to at least three continents. The United States, Hong Kong, India, Italy, and Canada are among the countries that have been targeted. Only one of the victims was from Japan, which was a bit surprising. After gaining access to the victim’s computer, the attackers were able to keep it running for up to nine months. VLC was used to spread malware, but the file itself was clean. It appears that a secure version of VLC was coupled with a malicious DLL file in the same location as the media player’s export functions. This is known as DLL side-loading, and Cicada isn’t the only one who uses it to inject malware into otherwise secure apps. Cicada’s unique loader was reportedly utilized in prior attacks linked to the hacker group. A Microsoft Exchange server was used to get access to the networks that were compromised first. In addition, a WinVNC server was installed to allow remote control of the systems infected with the concealed virus. Furthermore, an exploit known as Sodamaster was employed, which runs silently in system memory without the need for any files. It has the ability to avoid detection and postpone execution upon startup. Although these attacks are unquestionably dangerous, not every VLC user needs to be concerned. The media player was found to be virus-free, and the hackers appear to have taken a very targeted strategy, focusing on certain organizations. When it comes to PCs, however, it’s always crucial to stay on top of security. Check out? National Cyber Security Policy Emphasizes on Digital Transformation & Mitigation of Cyber Attacks