Track Common Adversary Tasks Performed Using 4H RAT

 





To know more about it, you can go through my detailed document by clicking here







Overview

4H RAT is a Remote Access Trojan used by Putter Panda (associated with the Chinese Shadow army), a hacking group that mainly attacks American and European government organizations in order to strengthen the country's technological foothold globally.

Tactics

They log in to various social media accounts such as Gmail, Twitter, Facebook, etc. and lure victims into downloading the malware, which is then used to breach further systems. Once a victim opens the malware-embedded document, the attackers gain control of the PC and, through it, access to all the sensitive data such as blueprints, customer lists, etc.

They mainly target aerospace companies, satellite and remote-sensing technology, etc.

Defensive Measures:

  • Training- Since people in the IT industry tend to make mistakes, regular social-engineering awareness training is recommended so that staff become the primary firewall against social-engineering attacks.

  • Defense in Depth- A layered defense strategy can be applied that, instead of only preventing the attack, slows its progression just enough for the defenders to take action in the meantime.

  • Intrusion Detection Systems- These can be used to detect various attacks such as buffer overflows, CGI attacks, SMB probes, OS fingerprinting, etc.

  • System Integrity Verifiers (SIV)- Changes to system components can be detected by comparing snapshots of the file system against a pre-existing baseline snapshot, in order to protect against any kind of system intrusion.

  • Multihomed Firewalling- Firewalls with more than one interface are used to further subdivide the network, in order to minimize the damage an attacker can do on a private network.

  • Honeypot- This method attracts or traps attackers trying to gain unauthorized access, in order to learn more about their motives and objectives.

  • Patch Management- Defenders must keep software and firmware patches up to date so that they can be deployed whenever needed.
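The SIV idea above, as an added example (my own code, not from the original post or from any SIV product): record a baseline of hash, size and mode for every regular file under a root, then diff a later snapshot to report files that were added, removed or modified. The demo directory, its files and the "dropped DLL / trojanized binary" changes are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative posix path: (sha256 hex, size, mode)} for every regular file under root."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # only regular files are baselined; symlinks are skipped
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        st = path.lstat()
        snap[path.relative_to(root).as_posix()] = (digest, st.st_size, stat.S_IMODE(st.st_mode))
    return snap


def compare(baseline, current):
    """Diff two snapshots: paths added, removed, or changed (hash/size/mode) since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: take a baseline, then simulate a dropped file, a replaced binary and a deleted config."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"legitimate service binary")
        (root / "config.ini").write_text("autostart=0\n")
        baseline = snapshot(root)          # the pre-existing baseline snapshot
        # simulated post-intrusion changes (constructed, not real malware artifacts)
        (root / "bin" / "svc.exe").write_bytes(b"replaced binary")
        (root / "bin" / "update.dll").write_bytes(b"dropped file")
        (root / "config.ini").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```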
