Saturday, December 2, 2023

Russia Launch Heavy Cyber Attack on Singapore During Donald Trump & Kim Summit

Russia launches a rapid cyber attack on Singapore during President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel.

Cyber attacks are receiving from various countries at that time, but  97% of all attacks coming from Russia that belongs to various sectors and platform based attacks.

The heavy attack was discovered From June 11 to June 12, 2018, and it initially starts from Brazil that targeting port SIP 5060.

Port SIP 5060 IP phones to transmit communications in clear text; this was the single most attacked port.

There is no doubt and secret that Russia always targeting various sector in the U.S and performing various sophisticated attacks and US-Cert already warned that  Russia maintaining persistent access to small office and home office routers warning of widespread espionage.

In this case, Initial stage of the attack performing reconnaissance scans from the Russian IP address and it was actively targeting the variety of ports.

Telnet, consistent with IoT device attacks were mainly targeted to gain access to the vulnerable systems.

“Other ports attacked include the SQL database port 1433, web traffic ports 81 and 8080, port 7541, which was used by Mirai and Annie to target ISP-managed routers, and port 8291, which was targeted by Hajime to PDoS MikroTik routers.”

Also Read: Massive Sigma Ransomware Attack From Russia-Based IPs and Lock the Victims Computers

Heavy Attack on June 12, 2018

The day President Trump met with Kim Jong-un in Singapore, Approximately 40,000 attacks were launched Between the time  on 6/11/2018 to 6/12/2018 ( 11:00 p.m. through 8:00 p.m)

Most of the Attacks (92 %) were registered as reconnaissance scans that eagerly looking for vulnerable devices and the other 8% of attack belongs to exploit based Attacks.

After Russia, most of the attacks come from China, US, France, and Italy and Brazil hold the sixth position.

According to F5 Labs, Singapore was the top destination of the attacks by a large margin, receiving 4.5 times more attacks than the U.S. or Canada. Singapore is not typically a top attack destination country; this anomaly coincides with President Trump’s meeting with Kim Jong-un.

Attack Destination Ports

Based on the F5 Labs report these are the ports in order of prevalence were targeted in the Singapore attacks:

  1. 5060 — clear text Session Initiation Protocol (SIP)
  2. 23 — Telnet remote management
  3. 1433 — Microsoft SQL Server database
  4. 81 — Alternate web server port for host-to-host communication
  5. 7547 — TCP port used by ISPs to remotely manage routers via the TR-069 protocol
  6. 8291 — Remote management port commonly used by MikroTik routers
  7. 8080 — Alternate web server port often used for a proxy server or caching

The SIP port 5060 received 25 times more attacks than port 23 in the #2 position an the Telnet is the most commonly attacked remote administration port by IoT attackers that enable them to spy on communications and collect data.

It was unclear that how may victims were compromised during the heavy cyber attack and the researchers are continuously analyzing.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles