Zombie Zero

Zombie Zero is an attack vector in which a cyber attacker utilized malware that had been clandestinely embedded in new barcode readers manufactured overseas. It remains unknown whether this attack was carried out by organized crime or a nation state. Clearly there was significant planning and investment in order to design the malware and then embed it into the hardware within the barcode scanner.

Internet of things (IoT) devices may similarly be preinstalled with malware that can capture network passwords and then open a backdoor to attackers. Given the high volume of these devices manufactured overseas, great caution should be exercised before placing them on corporate or government networks.


Detailed data on the attack

A malware-embedded scanner was installed on a wireless network. An attack against the internal network then initiated automatically using the Server Message Block (SMB) protocol. The stolen data included every piece of information that was scanned about each item: destination address, source and more. This was sent clandestinely over a command and control connection back to a botnet in China. That botnet connected to the Lanxiang Vocational School, located in the China Unicom network for Shandong province. This school has been connected to previous attacks, including the attack on Google and the Operation Aurora attack. The manufacturer of the scanner was located just a few blocks away from the school. The botnet then downloaded a second payload that broadened the command and control, which now extended to the target company's corporate finance servers. The attackers were looking for logistics data on all shipping on a worldwide basis, and they succeeded in obtaining detailed financial data on all customers and shipments.


Detection

Zombie Zero can be detected using deception technology.
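As an added illustration of the detection problem described above (this is example code, not part of the original article or any vendor's deception product), the following Python flags a device that behaves like the infected scanner in constructed flow logs: an internal host that fans out to many other internal hosts on SMB port 445 and then connects outbound, or that touches a decoy host that no legitimate device should ever contact. The addresses, the decoy host, the fan-out threshold and the log format are all assumptions.

```python
from collections import defaultdict

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port). 10.20.0.0/16 is the
# assumed internal network; 10.20.99.5 is an assumed decoy SMB host (deception technology).
DECOY_HOSTS = {"10.20.99.5"}
SMB_PORT = 445
FANOUT_THRESHOLD = 5  # distinct internal SMB targets before we call it scanning

SAMPLE_FLOWS = [
    (1, "10.20.5.77", "10.20.1.10", 445),   # new barcode scanner starts probing shares
    (2, "10.20.5.77", "10.20.1.11", 445),
    (3, "10.20.5.77", "10.20.1.12", 445),
    (4, "10.20.5.77", "10.20.99.5", 445),   # touches the decoy host
    (5, "10.20.5.77", "10.20.1.13", 445),
    (7, "10.20.5.77", "203.0.113.9", 443),  # outbound beacon (documentation address)
    (8, "10.20.5.30", "10.20.1.10", 445),   # workstation opening one share: benign
    (9, "10.20.5.30", "198.51.100.4", 443), # ordinary web traffic: benign
]

def is_internal(ip: str) -> bool:
    return ip.startswith("10.20.")

def analyse(flows):
    """Return {src_ip: [reasons]} for hosts showing the Zombie Zero pattern."""
    smb_targets = defaultdict(set)   # src -> internal hosts it reached on 445
    scan_started = {}                # src -> timestamp when fan-out crossed the threshold
    beacons = defaultdict(set)       # src -> external hosts reached after scanning
    decoy_hits = defaultdict(set)    # src -> decoy hosts it touched
    for ts, src, dst, port in sorted(flows):
        if not is_internal(src):
            continue
        if dst in DECOY_HOSTS:
            decoy_hits[src].add(dst)
        if port == SMB_PORT and is_internal(dst):
            smb_targets[src].add(dst)
            if len(smb_targets[src]) >= FANOUT_THRESHOLD:
                scan_started.setdefault(src, ts)
        elif not is_internal(dst) and src in scan_started:
            beacons[src].add(dst)
    alerts = {}
    for src in set(scan_started) | set(decoy_hits):
        reasons = []
        if decoy_hits[src]:
            reasons.append("contacted decoy host(s) %s" % sorted(decoy_hits[src]))
        if beacons[src]:
            reasons.append("SMB fan-out to %d internal hosts, then outbound to %s"
                           % (len(smb_targets[src]), sorted(beacons[src])))
        if reasons:
            alerts[src] = reasons
    return alerts
```

A host that only scans without ever beaconing or touching the decoy is tracked but not alerted on, so the threshold and decoy placement decide how early the infected device is caught.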

