A recent analysis describes a critical data breach at SK Telecom (SKT) in which attackers compromised the Home Subscriber Server (HSS), the core-network database that holds subscriber identities and SIM authentication data, and exposed sensitive subscriber information. The malware, identified by the file name "dbus-srv-bin.txt", is believed to require root access and to disguise itself as a legitimate system process, posing significant risks to user privacy and security. Affected: SK Telecom, SKT users, subscriber data.
Key points:
- The malware “dbus-srv-bin.txt” was used to attack SK Telecom’s HSS system.
- Subscriber SIM information was leaked during this data breach.
- All SK Telecom users were urged to replace their SIM cards for security.
- The malware includes various checks to ensure it runs with root privileges.
- The malicious code disguises itself as the system bus process "dbus-daemon --system", so it blends into a process listing on the compromised host.
- It establishes a reverse shell to the attacker over SSL/TLS, so the command traffic is encrypted and not readable by plain network inspection.
MITRE ATT&CK Techniques:
- T1059.004 – Command and Scripting Interpreter: Unix Shell: commands are executed through the reverse shell.
- T1071.001 – Application Layer Protocol: Web Protocols: traffic is wrapped in SSL/TLS to blend in; the encryption itself is better described by T1573.002 – Encrypted Channel: Asymmetric Cryptography.
- T1043 – Commonly Used Port (retired ID, now folded into T1071): uses standard ports for communication to avoid detection.
- T1086 – PowerShell (retired ID, now T1059.001 – Command and Scripting Interpreter: PowerShell): potential use of PowerShell-based commands through the reverse shell, although PowerShell is not native to the Linux environment the other indicators describe.
Indicators of Compromise:
- [MD5] 714165b06a462c9ed3d145bc56054566
- [SHA-1] 2ca9a29b139b7b2993cabf025b34ead957dee08b
- [SHA-256] aa779e83ff5271d3f2d270eaed16751a109eb722fca61465d86317e03bbf49e4
- [File Name] dbus-srv-bin.txt
- [File Path] /var/run/system.pid (a PID file, not a directory)
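The masquerade, root requirement and encrypted reverse shell in the key points, together with the hashes and path above, translate into a handful of host hunt rules. The following Python is an added example written for this page, not code from the original analysis or from the malware: it assumes the legitimate dbus-daemon binary paths and the drop-to-messagebus behaviour named in the comments, and expects the caller to fill each process's remote TCP peers from an external `ss -tnp` pass rather than parsing /proc/net itself. The sample process records are constructed, not captured from SKT's systems.

```python
# Added example for this page (not the original analysis or the malware's code):
# host hunt rules for the masquerade, root requirement, SSL reverse shell and IOCs above.
import os
from dataclasses import dataclass, field

# Indicators copied from the page.
IOC_SHA256 = {"aa779e83ff5271d3f2d270eaed16751a109eb722fca61465d86317e03bbf49e4"}
IOC_MD5 = {"714165b06a462c9ed3d145bc56054566"}
IOC_PATHS = {"/var/run/system.pid"}
# Assumptions about a genuine system bus on common Linux distributions: the binary
# lives at one of these paths, the daemon drops to an unprivileged account (usually
# "messagebus") once started, and it never holds an outbound TCP connection.
LEGIT_DBUS_EXE = {"/usr/bin/dbus-daemon", "/bin/dbus-daemon", "/usr/libexec/dbus-daemon"}

@dataclass
class Proc:
    pid: int
    uid: int
    cmdline: str   # /proc/<pid>/cmdline with NULs turned into spaces (what ps shows)
    exe: str       # readlink of /proc/<pid>/exe, "" if unreadable
    remote_tcp: list = field(default_factory=list)  # ESTABLISHED (ip, port) peers

def claims_dbus_daemon(proc):
    """True when argv[0] presents the process as dbus-daemon."""
    argv = proc.cmdline.split()
    return bool(argv) and os.path.basename(argv[0]) == "dbus-daemon"

def check_proc(proc):
    """Return the rule names a process trips; an empty list means it looks benign."""
    hits = []
    if not claims_dbus_daemon(proc):
        return hits
    if not proc.exe:
        hits.append("exe_unreadable")   # re-run as root before trusting this verdict
    else:
        if proc.exe.endswith(" (deleted)"):
            hits.append("exe_deleted")  # binary unlinked after exec, a common dropper trick
        if proc.exe.replace(" (deleted)", "") not in LEGIT_DBUS_EXE:
            hits.append("exe_mismatch") # the name says dbus-daemon, the inode does not
    if proc.remote_tcp:
        hits.append("outbound_tcp")     # consistent with the SSL reverse shell
    # Root alone is not decisive (the real bus starts as root before dropping
    # privileges), so it only corroborates a hit that is already there.
    if proc.uid == 0 and set(hits) - {"exe_unreadable"}:
        hits.append("root_uid")
    return hits

def hunt_procs(procs):
    """Map pid -> tripped rules for every process that tripped at least one."""
    return {p.pid: h for p in procs if (h := check_proc(p))}

def ioc_hash_hits(digests):
    """Given {"md5": ..., "sha256": ...} for one file (e.g. from md5sum/sha256sum
    output), name the IOC lists it matches."""
    hits = []
    if digests.get("md5", "").lower() in IOC_MD5:
        hits.append("md5")
    if digests.get("sha256", "").lower() in IOC_SHA256:
        hits.append("sha256")
    return hits

def ioc_path_hits(present):
    """Return the IOC paths found among the given existing paths."""
    return sorted(IOC_PATHS.intersection(present))

def snapshot_procs():
    """Read live /proc on Linux. Another user's exe link needs root to read; remote_tcp
    is left empty and is meant to be filled by the caller from an `ss -tnp` pass."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        base = "/proc/" + entry
        try:
            with open(base + "/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode("utf-8", "replace").strip()
            uid = os.stat(base).st_uid
        except OSError:
            continue                    # process exited while we were looking
        try:
            exe = os.readlink(base + "/exe")
        except OSError:
            exe = ""
        procs.append(Proc(int(entry), uid, cmdline, exe))
    return procs

# Constructed sample records (not captured from SKT's systems): an implant-like
# process, a genuine bus daemon, and an unrelated root daemon with network peers.
SAMPLE_PROCS = [
    Proc(1234, 0, "dbus-daemon --system", "/tmp/dbus-srv-bin (deleted)", [("203.0.113.5", 443)]),
    Proc(700, 81, "dbus-daemon --system --address=systemd: --nofork", "/usr/bin/dbus-daemon"),
    Proc(900, 0, "/usr/sbin/sshd -D", "/usr/sbin/sshd", [("198.51.100.7", 52210)]),
]

if __name__ == "__main__":
    procs = snapshot_procs() if os.path.isdir("/proc") else SAMPLE_PROCS
    for pid, rules in hunt_procs(procs).items():
        print("pid %d: %s" % (pid, ", ".join(rules)))
    print("IOC paths present:", ioc_path_hits([p for p in IOC_PATHS if os.path.exists(p)]))
```

The rules deliberately trust the `/proc/<pid>/exe` link and the socket table over the process name, because a process can rewrite its own argv and comm (the masquerade on this page) but cannot change which inode the kernel mapped at exec time. Run the script as root, or the exe link of root-owned processes comes back unreadable and the verdict is downgraded to "exe_unreadable" rather than silently passed.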
Full Story: http://wezard4u.tistory.com/429471