VPN provider IPany breached, malware pushed to customers

OVERKILL

https://www.bleepingcomputer.com/ne...n-supply-chain-attack-to-push-custom-malware/

From the article:
South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom 'SlowStepper' malware.

The hackers managed to infiltrate IPany's development platform and insert its custom 'SlowStepper' backdoor on its installer ('IPanyVPNsetup.exe'), which infected customer systems when the VPN was installed.

According to ESET researchers who uncovered the supply chain attack, companies impacted by the attack include a South Korean semiconductor firm and a software development company. However, the first signs of infected victims date back to November 2023 in Japan.



I doubt this product is popular in the West, but it does go to show the lengths some of these Chinese hacker groups are going to in order to compromise "low value" targets like consumer systems.
 
What's the best security for a consumer iPad / iPhone?

Unless you need to mask your location or specific traffic from your ISP - almost every website / service out there is encrypted.

Sure, your ISP can see that you logged into BITOG, but they can't see the exact URLs, what you were viewing, or your password. Same with Facebook, Reddit, etc. It's all encrypted: they can see that there was traffic there, but they can't get any discernible information out of it.
 

Data harvesting from your DNS queries and NetFlow (for traffic patterns) is probably the biggest thing you're giving up to your ISP. You can glean the website/domain information from the SSL/TLS handshake too (it's in the SNI), not just DNS, but DNS is a bit easier. If you're using DoH, your DNS is encrypted in transit, but you're still probably using their servers.

By using a VPN provider, you're just giving it to someone else. I "trust" my home ISP more than I trust most VPN providers. I don't use random wifi in stores or hotels, which may be a better use case for a VPN provider.
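Added example (not from the thread or any of its posters): a small parser for the SNI field the post above mentions, run against a TLS ClientHello that is constructed inline rather than captured. It shows that the hostname is readable by anyone on path before any encryption starts, which is exactly what an ISP (or a VPN provider) gets to see even when the rest of the session is encrypted.

```python
"""What an on-path observer reads from an HTTPS connection before encryption starts:
the cleartext TLS ClientHello carries the hostname in its SNI extension (RFC 6066)."""
import struct

TLS_HANDSHAKE = 0x16    # TLS record content type: handshake
CLIENT_HELLO = 0x01     # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000  # extension type: server_name (SNI)

def build_client_hello(hostname: str, include_sni: bool = True) -> bytes:
    """Build a minimal but structurally valid TLS 1.2 ClientHello record (constructed sample)."""
    ext = b""
    if include_sni:
        name = hostname.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name    # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + b"\x11" * 32                           # client random (fixed here for reproducibility)
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"     # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                            # compression methods: null only
        + struct.pack("!H", len(ext)) + ext      # extensions block
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None if absent / not a ClientHello."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                               # skip version and random
    pos += 1 + body[pos]                                       # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]       # cipher_suites
    pos += 1 + body[pos]                                       # compression_methods
    pos += 2                                                   # extensions length (they run to end of body)
    while pos + 4 <= len(body):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if ext_type == EXT_SERVER_NAME:
            # server_name_list: 2-byte list length, then name_type(1) + name_len(2) + name
            name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
            return body[pos + 5:pos + 5 + name_len].decode("idna")
        pos += ext_len
    return None
```

Feeding `extract_sni` the first record of a real capture does the same job as Wireshark's SNI column; a ClientHello built with `include_sni=False` correctly yields `None`, as does any non-handshake record.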
 
Yep, I trust the Federal (lol, I know, I know) cyber security agency CIRA, which runs a DNS protection service (including DoH), more than I trust my ISP (Bell). My home network is set up with a PiHole configured to make queries only to CIRA over DoH, and my firewall blocks all well-known 3rd party DNS servers as well as port 53 and most VPNs.
 

I've been saying that for years. I trust my ISP more than I trust some random VPN client with that info.
 
China is on a roll... I wonder if we're doing the same to them?
Probably. There is a cyber war going on out of sight, and everyone is monitoring everyone with backdoors, 0-days, and compromised people in all agencies and businesses. We've gone beyond listening to rooms by bouncing IR lasers off embedded crystals in window glass in the '60s to who knows what kind of wonder tech.

We can read people's minds in fMRI machines, including turning EEG waves into audio to listen to the thoughts in someone's brain. https://arxiv.org/abs/2306.11629 Can our latest super tech do this remotely? Can we do the same to air-gapped computers? Do the 3-letter agencies have quantum computers that are far more capable than what Google / Microsoft / D-Wave advertise? We can probably break a lot more encryption algos than our adversaries.

I'd wager that our AI can most likely predict future outcomes; Palantir is likely leading this space. This is already happening with private quantitative hedge funds that are making billions with < 10 person teams.


Chinese tech has compromised our communication systems.

https://www.cfr.org/backgrounder/chinas-huawei-threat-us-national-security
https://www.nbcnews.com/tech/securi...e-data-8-telecoms-us-officials-say-rcna182942

Hardware built in China (and likely other places) has been modified with additional chips hidden within the PCB that can only be discovered with X-Ray analysis.

https://www.bloomberg.com/news/feat...ny-chip-to-infiltrate-america-s-top-companies

Firmware has been manipulated as well.

Chinese transformers have been found to have remote disconnect switches:
https://www.controlglobal.com/home/blog/11289699/information-technology
https://www.powertransformernews.co...es-trump-ban-on-chinese-electrical-equipment/


Offering a janitor $50 provided secure building access to penetration testers. Imagine what $100k will do.
 