HSE/Department of Health Hack (1 Viewer)

Oh, agreed. I work for a company which gets nation-state-level attention, so a lot of our security guys are shit hot. But we're spread across the world, which means there are always going to be rogue systems, unpatched and forgotten about, knocking around the place.
I'm responsible for the AV on approx. 120k systems, but thankfully I'm not on the incident management side of cyber security (which means I don't get woken at 2am over an incident). It's more my job to worry about a duff IPS engine update bluescreening systems than to worry about what the software is actually detecting.
I am on the incident response team in my place. Well, we were a small startup (bigger now), so we were responsible for everything.

I remember going to the 2019 all-ireland final and getting paged while I was in the Ilac Center, about to head to Croke Park. Thankfully someone covered for me, but talk about poxy timing.

Incidentally, that alert was triggered by an SSH attack from a 'known rogue actor', and was interpreted by our system as an attempted data exfiltration attack. Basically, an SSH to a Linux system caused a reverse DNS lookup of the source of the SSH attempt. A DNS lookup of a 'known rogue actor' triggers the highest-severity security alert, even though it's totally a false alarm. Still reassuring to know, all the same.
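The false positive described in the post above is worth seeing in code: a reverse (PTR) lookup of a listed IP is usually a side effect of an inbound connection (sshd resolving its peer), while a forward lookup of a listed domain is a host choosing to talk outbound. The example below is added here and is not code from the original thread or from any product; the log format, the indicator sets and the severity policy are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed threat-intel indicators for the example (documentation
# range and a reserved TLD, not real IOCs).
BAD_IPS = {ipaddress.ip_address("203.0.113.45")}
BAD_DOMAINS = {"c2.bad.example"}

# Constructed DNS query log lines in a dnsmasq-like layout (assumed format):
#   <timestamp> query[<type>] <name> from <client>
SAMPLE_LOG = """\
2019-09-01T14:02:11Z query[PTR] 45.113.0.203.in-addr.arpa from 10.0.0.5
2019-09-01T14:02:12Z query[A] c2.bad.example from 10.0.0.7
2019-09-01T14:02:13Z query[AAAA] updates.example.org from 10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def ptr_to_ip(name):
    """Turn a reverse-lookup name (in-addr.arpa / ip6.arpa) back into the IP
    address being resolved. Returns None for anything that is not a well-formed
    PTR name."""
    labels = name.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return ipaddress.ip_address(".".join(reversed(labels[:4])))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            hexstr = "".join(reversed(labels[:32]))  # 32 nibbles -> 32 hex chars
            return ipaddress.ip_address(
                ":".join(hexstr[i:i + 4] for i in range(0, 32, 4)))
    except ValueError:
        return None
    return None


def classify(line):
    """Classify one DNS query log line against the indicator sets.

    A PTR lookup of a listed IP is rated 'low' and pointed at the auth log,
    because the host did not choose the peer: something connected *in* and
    sshd resolved it. A forward A/AAAA lookup of a listed domain is the host
    resolving the indicator itself, so that is the 'high' case.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, qtype, name, client = m.group("ts", "qtype", "name", "client")
    finding = {"ts": ts, "client": client, "qtype": qtype,
               "indicator": None, "severity": "none", "reason": "no match"}
    if qtype == "PTR":
        ip = ptr_to_ip(name)
        if ip is not None and ip in BAD_IPS:
            finding.update(indicator=str(ip), severity="low",
                           reason="reverse lookup of listed IP; likely inbound "
                                  "connection, check sshd/auth log for this peer")
    elif qtype in ("A", "AAAA"):
        host = name.rstrip(".").lower()
        if host in BAD_DOMAINS:
            finding.update(indicator=host, severity="high",
                           reason="forward lookup of listed domain; possible "
                                  "outbound C2 or exfiltration channel")
    return finding


def triage(log_text):
    """Run classify() over every line and return only the findings that
    matched an indicator, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = classify(line)
        if f is not None and f["severity"] != "none":
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']:<10} {f['severity'].upper():<4} "
              f"{f['indicator']} : {f['reason']}")
```

The point of the split is that a single "any DNS query naming an IOC" rule collapses two very different events into one top-severity alert; keying on the query type and decoding the PTR name lets the PTR case be routed to a lower tier with a pointer at the right log to check.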
 
I remember going to the 2019 all-ireland final and getting paged while I was in the Ilac Center, about to head to Croke Park. Thankfully someone covered for me, but talk about poxy timing.
Speaking of timing, a few years back my brother rang me on a Thursday or Friday (I think a Friday) and jokingly asked, 'Well, I bet you're having a shit day.' I didn't have a clue what he was talking about; I was standing on the side of a hill (at the Carrowkeel passage tombs) and had not seen the news about WannaCry. I was able to go about the rest of my holiday. If I'd not been on leave, that'd have been a fun weekend.
 
Turns out I know someone working on the incident, albeit on the fringes. Nothing juicy that he's shared with me (not that I'd mention it here anyway).
 
What is that when it's translated out of nerd?
- Nothing in there to indicate how they got onto the network in the first place
- HSE has had the ransomware run, so files got encrypted and everything was then taken offline
- Dept of Health found the intrusion and was able to prevent it running the actual ransomware stuff, but everything was taken offline anyway as a precaution
 
Cobalt Strike is essentially a security toolkit which can be used for testing your own network for vulnerabilities, but as is often the case with these tools, it can be used for nefarious purposes. They used it as a means of getting their malware where they wanted it. But as Pete mentioned, it doesn't explain (and they probably don't know) how it got in.
 
What’s funny is that the surname of the person responsible for Cobalt Strike (Raphael Mudge) is the same as the nickname of one of the l0pht guys. COINCIDENCE?
 
