Zombie Zero
   HOME

TheInfoList



Click Here for Items Related To - Zombie Zero
OR:
Zombie Zero on:   [Wikipedia]   [Google]   [Amazon]

Zombie Zero is an
attack vector In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack ve ...
where a
cyber attack A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted ...
er utilized malware that was clandestinely embedded in new
barcode reader A barcode reader is an optical scanner that can read printed barcodes, decode the data contained in the barcode to a computer. Like a flatbed scanner, it consists of a light source, a lens and a light sensor for translating optical impulses into ...
s which were manufactured overseas. It remains unknown if this attack was promulgated by
organized crime Organized crime (or organised crime) is a category of transnational, national, or local groupings of highly centralized enterprises run by criminals to engage in illegal activity, most commonly for profit. While organized crime is generally th ...
or a
nation state A nation state is a political unit where the state and nation are congruent. It is a more precise concept than "country", since a country does not need to have a predominant ethnic group. A nation, in the sense of a common ethnicity, may i ...
. Clearly there was significant planning and investment in order to design the malware, and then embed it into the hardware within the barcode scanner. Internet of things (IoT) devices may be similarly preinstalled with malware that can capture the network passwords and then open a
backdoor A back door is a door in the rear of a building. Back door may also refer to: Arts and media * Back Door (jazz trio), a British group * Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel. * Works so titl ...
to attackers. Given the high volume of these devices manufactured overseas high caution is to be exercised before placing these devices on corporate or government networks.


Detailed data on the attack

A malware embedded scanner was installed on a
wireless network A wireless network is a computer network that uses wireless data connections between network nodes. Wireless networking is a method by which homes, telecommunications networks and business installations avoid the costly process of introducing ...
. An attack against the internal network initiated automatically using a
server message block Server Message Block (SMB) is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provide ...
protocol. The stolen data which was scanned included every piece of information about the item, destination address, source and more. This was sent clandestinely to a
command and control Command and control (abbr. C2) is a "set of organizational and technical attributes and processes ... hatemploys human, physical, and information resources to solve problems and accomplish missions" to achieve the goals of an organization or en ...
connection back to a
botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...
in China. This botnet connected to the Lanxiang Vocational School located in the
China Unicom China United Network Communications Group Co., Ltd. () or China Unicom () (CUniq in short) is a Chinese state-owned telecommunications operator. Started as a wireless paging and GSM mobile operator, it currently provides a range of services i ...
network for Shandong province. This school in China has been connected to previous attacks, including
Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
and the
Operation Aurora Operation Aurora was a series of cyber attacks conducted by advanced persistent threats such as the Elderwood Group based in Beijing, China, with ties to the People's Liberation Army. First publicly disclosed by Google on January 12, 2010, in ...
attack. The manufacturer of the scanner was located just a few blocks away from the school. The botnet then downloaded a second payload that broadened the command and control which now extended to the target company's corporate servers in finance. The attackers were looking for logistics data on all shipping on a worldwide basis, and the attackers had succeeded in obtaining detailed financial data on all customers and shipments.


Detection

Zombie Zero can be detected using
deception technology Deception technology is a category of cyber security defense mechanisms that provide early warning of potential cyber security attacks and alert organizations of unauthorized activity. Deception technology products can detect, analyze, and defend ...
.


References

{{Reflist Cyberattacks