Russia launches a rapid cyber attack on Singapore during President Donald Trump met with North Korean President Kim Jong-un in a Singapore hotel.
Cyber attacks are receiving from various countries at that time, but 97% of all attacks coming from Russia that belongs to various sectors and platform based attacks.
The heavy attack was discovered From June 11 to June 12, 2018, and it initially starts from Brazil that targeting port SIP 5060.
Port SIP 5060 IP phones to transmit communications in clear text; this was the single most attacked port.
There is no doubt and secret that Russia always targeting various sector in the U.S and performing various sophisticated attacks and US-Cert already warned that Russia maintaining persistent access to small office and home office routers warning of widespread espionage.
In this case, Initial stage of the attack performing reconnaissance scans from the Russian IP address 188.246.234.60 and it was actively targeting the variety of ports.
Telnet, consistent with IoT device attacks were mainly targeted to gain access to the vulnerable systems.
“Other ports attacked include the SQL database port 1433, web traffic ports 81 and 8080, port 7541, which was used by Mirai and Annie to target ISP-managed routers, and port 8291, which was targeted by Hajime to PDoS MikroTik routers.”
Also Read: Massive Sigma Ransomware Attack From Russia-Based IPs and Lock the Victims Computers
The day President Trump met with Kim Jong-un in Singapore, Approximately 40,000 attacks were launched Between the time on 6/11/2018 to 6/12/2018 ( 11:00 p.m. through 8:00 p.m)
Most of the Attacks (92 %) were registered as reconnaissance scans that eagerly looking for vulnerable devices and the other 8% of attack belongs to exploit based Attacks.
After Russia, most of the attacks come from China, US, France, and Italy and Brazil hold the sixth position.
According to F5 Labs, Singapore was the top destination of the attacks by a large margin, receiving 4.5 times more attacks than the U.S. or Canada. Singapore is not typically a top attack destination country; this anomaly coincides with President Trump’s meeting with Kim Jong-un.
Based on the F5 Labs report these are the ports in order of prevalence were targeted in the Singapore attacks:
The SIP port 5060 received 25 times more attacks than port 23 in the #2 position an the Telnet is the most commonly attacked remote administration port by IoT attackers that enable them to spy on communications and collect data.
It was unclear that how may victims were compromised during the heavy cyber attack and the researchers are continuously analyzing.
Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL injection…
A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution, which…
Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two…
Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which…
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…
SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…
