GOVRAT V2.0
ATTACKING US MILITARY AND GOVERNMENT
In one of the files obtained from the bad actors, there was a comment related to the analysis of authentication mechanisms used in various government web resources for remote access. The bad actor noted that not all of the accounts require an RSA SecurID or external hardware token, making the collected compromised data extremely useful. And if the victim is using the same password, it might be possible to execute a successful login.

The bad actors also outlined that in some cases military web applications require the use of a specific proxy. In these cases, they set up reverse proxies [3] on the victims in order to access sensitive resources from the same network pool and even the same IP addresses.

[3] A back-connect or reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server (C&C on the cybercriminal's side).