Security Market Segment LS
Friday, 17 December 2021 09:59

Avast claims to have found backdoor in US Govt commission network


Security provider Avast claims to have found a backdoor on the Windows network of a US Government commission that is associated with international rights, but has been unable to get the body to engage in order to resolve the problem.

In a blog post, the Avast Threat Intelligence Team said it had decided to go public after making direct contact with the affected organisation but finding that thereafter "they would not respond, return communications or provide any information".

Given the lack of engagement, Avast said it had limited information to make public. "We are only able to describe two files we observed in the attack. In this blog, we are providing our analysis of these two files," the blog post said.

However, Avast said that analysis of the two files made it reasonable to conclude that "attackers were able to intercept and possibly exfiltrate all local network traffic in this organisation".

"This could include information exchanged with other US government agencies and other international governmental and non-governmental organisations focused on international rights.

"We also have indications that the attackers could run code of their choosing in the operating system’s context on infected systems, giving them complete control."

Avast described one file as masquerading as oci.dll and abusing WinDivert, a kosher packet capture utility, to listen in on all communications.

"It allows the attacker to download and run any malicious code on the infected system. The main scope of this downloader may be to use privileged local rights to overcome firewalls and network monitoring," the Avast team noted.

It said the second file also masqueraded as oci.dll, replacing the first file at a later stage of the process and operating as a decryptor.
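The two artifacts named above, a DLL masquerading as oci.dll and the WinDivert packet-capture components it relies on, are things a Windows administrator can sweep a host for. The following PowerShell triage script is an added example, not Avast's tooling or anything published on this page; it assumes WinDivert's shipped file names (WinDivert.dll, WinDivert32.sys, WinDivert64.sys) and that a loaded WinDivert driver registers as a kernel-mode system driver, neither of which the article states. It produces a worklist for an analyst rather than a verdict, because both Oracle's client and some legitimate products ship these files.

```powershell
# Added host-triage script (not from Avast or iTWire). Run in an elevated session.
# Finds: every oci.dll on fixed disks, WinDivert components, a loaded WinDivert
# driver, and processes that currently have an oci.dll mapped. Each finding carries
# its SHA-256 and Authenticode status so the analyst can separate a vendor-signed
# copy from an unexpected one.
# Assumption: WinDivert file names (WinDivert*.dll / WinDivert*.sys) are the
# framework's own; a product bundling it legitimately would look identical here.

$report = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Kind, [string]$Path, [string]$Note = '')
    $signer = '<unsigned/unknown>'
    $status = 'n/a'
    $hash   = $null
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $status = $sig.Status
        $hash   = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash
    }
    $report.Add([pscustomobject]@{
        Kind = $Kind; Path = $Path; Signer = $signer; SigStatus = $status; SHA256 = $hash; Note = $Note
    })
}

# Fixed disks only (DriveType 3); network shares are out of scope for host triage.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object { "$($_.DeviceID)\" }

foreach ($root in $roots) {
    # 1. Every oci.dll on disk. Oracle's client ships a genuine oci.dll inside its own
    #    install tree; a copy in an unrelated application or system directory,
    #    unsigned or signed by an unexpected party, is the pattern the article describes.
    Get-ChildItem -Path $root -Filter 'oci.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            Add-Finding -Kind 'oci.dll on disk' -Path $_.FullName `
                        -Note "modified $($_.LastWriteTimeUtc.ToString('u'))"
        }

    # 2. WinDivert components. Presence alone is only a lead: ask which installed
    #    product accounts for them before treating them as hostile.
    Get-ChildItem -Path $root -Include 'WinDivert*.sys', 'WinDivert*.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding -Kind 'WinDivert component' -Path $_.FullName }
}

# 3. A WinDivert driver that is actually loaded shows up as a kernel-mode system driver.
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.Name -like 'WinDivert*' -or $_.PathName -like '*WinDivert*' } |
    ForEach-Object {
        $driverPath = ($_.PathName -replace '^\\\?\?\\', '')   # strip the \??\ NT prefix if present
        Add-Finding -Kind 'WinDivert driver (service)' -Path $driverPath `
                    -Note "service $($_.Name), state $($_.State), start $($_.StartMode)"
    }

# 4. Processes that currently have a module named oci.dll mapped. This also catches a
#    copy that was loaded and then removed from disk, which the on-disk sweep misses.
Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = $_
    try {
        $proc.Modules | Where-Object { $_.ModuleName -ieq 'oci.dll' } | ForEach-Object {
            Add-Finding -Kind 'oci.dll loaded in process' -Path $_.FileName `
                        -Note "pid $($proc.Id) ($($proc.ProcessName))"
        }
    } catch { }   # protected or bitness-mismatched processes refuse module enumeration
}

$report | Sort-Object Kind, Path | Format-Table -AutoSize
$report | Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'oci-windivert-triage.csv')
```

The recursive sweep of every fixed disk is deliberately thorough and can take several minutes on a large volume; the CSV written to the temp directory is the artifact to keep, and any oci.dll with a status other than Valid, or a WinDivert driver on a host with no product that needs it, is what to escalate.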

The team concluded: "Because the affected organisation would not engage we do not have any more factual information about this attack. It is reasonable to presume that some form of data gathering and exfiltration of network traffic happened, but that is informed speculation.

"Further, because this could have given total visibility of the network and complete control of an infected system it is further reasonable speculation that this could be the first step in a multi-stage attack to penetrate this, or other networks more deeply in a classic APT-type operation."

More details are available on the Avast blog.








Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
