sb-as logo
Story image

Danti: Destroying your data through one unpatched exploit

31 May 2016

Danti is one of the newest and most dangerous groups of hackers taking advantage of a dangerous exploit that can gain access to IT systems and infect organisations with malware.

The CVE-2015-2545 exploit, part of Microsoft Office software, was patched at the end of 2015. However, it is still being used by hacker groups such as Danti, Platinum, APT16, EvilPost and SPIVY groups.

Danti hackers have used high-ranking Indian government officials to appeal genuine. The emails are spear-phishing emails, used to install the Danti backdoor and then allowing hackers to gain access and private data from the infected device.

The CVE-2015-2545 exploit uses an EPS image file as the delivery method. Because it uses PostScript technique, it can avoid being detected by Windows' Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) tools.

Since February, The hackers have been prevalent, particularly government IT system hackings, with reports from Kaspersky Security Network stating that Danti trojans have been detected places such as Kazakhstan, Nepal and the Philippines.

Alex Gostev, Chief security expert at Kaspersky Lab Research Center in APAC, says,“Waves of attacks conducted with the help of just one vulnerability suggests two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, that the patch-adoption rate in the target companies and government organidations is low.

We urge companies to pay closer attention to patch-management in their IT infrastructure in order to protect themselves from known vulnerabilities at the very least.”

Researchers from Kaspersky Lab believe the Danti hackers also operate the Nettraveler and DragonOk hacker groups, run by Chinese speakers. Other CVE-2015-2545 attacks have been documented in Thailand and Taiwan. Although they are different, the attacks reportedly have features in common with Danti and another cyberespionage group called APT16.

According to Kaspersky, cyberespionage groups and hackers are increasingly targeted known vulnerabilities in operating systems that have not been patched, because it still delivers a reasonable infection rate and is also cheaper to implement. 

Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More
Story image
Majority of industrial enterprises face increase cyber threats since COVID-19
Leadership's top cyber security priority was implementing new technology solutions since the onset of the pandemic.More
Story image
Lumen launches managed security services for APAC market
The new service is designed to provide enterprise businesses with a proactive, connected security strategy to enhance threat detection and protection across endpoints. More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More