Cyber Affairs

TLS-SparkCockpit & SparkTar Malware Ivanti’s Pulse Secure VPN

by admin
Mar 4, 2024
in News

A recent investigation has uncovered a flaw in internet-connected devices, specifically affecting Ivanti’s Pulse Secure appliances.

The NVISO Incident Response team made the discovery, identifying two covert TLS-based backdoors, SparkCockpit and SparkTar, that allow attackers to hijack these devices and gain unauthorized access to internal networks.

The investigation was triggered by a critical-sector organization that observed a compromise of their Ivanti appliance, leading to the discovery of these sophisticated backdoors.

Sophisticated Attack Techniques

Both SparkCockpit and SparkTar employ selective interception of TLS communication towards legitimate Ivanti server applications, which helps them avoid detection.

SparkTar is particularly advanced and capable of surviving factory resets and appliance upgrades.

It also allows for file uploads, command execution, and setting up SOCKS proxies to relay attacker traffic directly into the organization’s network.

The NVISO team found that these backdoors could evade detection by most network-based security solutions, offering attackers persistence and remote access capabilities, including traffic tunneling through SOCKS proxies.

SparkCockpit: A Closer Look

SparkCockpit was deployed through an evolution of the Pulse Secure BUSHWALK web shell and provides basic upload/download capabilities alongside command execution.

It achieves boot persistence by patching the configuration of RemoteSpark’s server component, SparkGateway, to load a malicious security.jar plugin.

[Figure: SparkCockpit Operational Overview]

SparkTar: A More Complex Threat

SparkTar, on the other hand, is more complex and provides a more flexible toolset for attackers. It includes input/output streaming for commands and deeper persistence mechanisms.

The backdoor controller libchilkat, which is unrelated to legitimate Chilkat commercial tools, is responsible for launching the backdoor and ensuring its persistence.

[Figure: SparkTar Operational Overview]

NVISO’s Response and Community Support

NVISO has created detection rules to help organizations determine if these backdoors have impacted them.

The company, a European cybersecurity leader, is committed to sharing knowledge and supporting organizations in protecting against advanced and evolving cyber threats.

NVISO’s findings have been corroborated by research from Mandiant and partially observed by Fortinet.

NVISO Labs announced its incident response write-up in a recent tweet: covert TLS n-day backdoors, SparkCockpit & SparkTar.

Implications for Security

The presence of these backdoors in Ivanti’s Pulse Secure appliances highlights the need for increased vigilance and improved security measures for internet-connected devices.

Organizations using Ivanti devices are advised to review NVISO’s report and apply the provided detection rules to safeguard against potential compromises.

In conclusion, the discovery of SparkCockpit and SparkTar backdoors serves as a critical reminder of the persistent and sophisticated nature of cyber threats. Organizations must continuously enhance their security posture and resilience to protect against such advanced tactics.

Copyright © 2022 Cyber Affairs. All rights reserved.
