JSC State Technical Service

On 14 September this year at the KazHackStan Turan conference, experts of the State Technical Service JSC presented a report “Secrets of APT: Microsoft Exchange as a weapon of attackers”, in which they shared technical details of the cyberattack on critical infrastructure.

Experts from the National Information Security Coordination Centre found that the attackers used the features of the Microsoft Exchange mail server (IIS) and the .NET Assembly platform to escalate privileges and gain control over sensitive information. During the attack, members of the STA-2201 hacker group employed sophisticated backdoors that exploited ViewState and Transport Agent technology to take over and control access over infrastructure. The malware was controlled from overseas servers as well as using emails from other infected email servers.

Based on the results of the cyber incident investigation in co-operation with the affected parties, the targeted cyber-attack was neutralized. In addition, a technical report was sent to the information security operational centers to search for traces and neutralize possible compromise on protected critical information and communication infrastructure objects.

The second day of the Secure Development day conference is dedicated to the principles of secure software development, current vulnerabilities and modern methods of protection.

Recall that on 13 September in Almaty started a practical conference on cyber security KazHackStan Turan. The results of the cyber-polygon will be announced tomorrow.

More detailed information about the programme and speakers is available on the official website KazHackStan.com (https://kazhackstan.com/).