FinFisher, the hacker who broke into the Italian firm Hacking Team, has published a step-by-step account of how he carried out the attack, what tools he used, and what he learned from scouting Hacking Team's network.

Published on Pastebin, the attack timeline reveals that he entered the network through a zero-day exploit in an (unnamed) embedded device, accessed a MongoDB database that had no password, discovered backups in that database, found a BES admin password in the backups, and eventually obtained admin access to the Windows domain server. From there, it was easy to reach into the email server and steal all of the company's emails, and later to access the Git repositories and steal the source code of its surveillance software.