[Original] NOPEN-Another networking monitoring's professional weapon of US
sadfsgd12 (2023/4/17 20:19:17) Views: 18277 Replies: 0 IP: 38.* * *

According to internal NSA documents leaked by the Shadow Brokers hacking group, the NOPEN Trojan is a powerful, comprehensive Trojan tool developed by the NSA. It is also one of the primary cyber weapons used by the NSA's Access Technology Operations Office (TAO) to attack and steal secrets.
"NOPEN" is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.
Through technical analysis, the center believes that the "NOPEN" Trojan horse is characterized by complex technology, comprehensive functions and strong concealment, and that it can be adapted to a variety of processor architectures and operating systems. It can also collaborate with other cyber weapons and is a typical tool used for cyber espionage.
According to Vectra's Nick Beauchesne, NOPEN is the Equation Group's backdoor for Unix systems, which security experts have previously described as a "post-exploitation shell" that the Equation Group installed on compromised devices, giving its operators the ability to connect to the hacked equipment. Equation Group operators are supposed to compromise systems, install NOPEN, open a connection to their own systems from the hacked device, and start listening for data.
By 2013, the NSA had set up at least 13 Rampart-A sites that work with other countries to obtain Internet access points, according to the disclosure. The NSA, for example, worked with Germany's Federal Intelligence Service (BND), which provided access to Deutsche Telekom's Frankfurt Internet switch center, while the NSA provided sophisticated equipment. In addition, the NSA has access to data from more than 70 cables, including undersea fiber optic cables, giving it global access to information and traffic injection capabilities, and it sends data back to the agency over secret communications networks. Relying on this advanced infrastructure and the NSA's capabilities, the malicious software can send the data it extracts out through the controlled Internet access points, C2 instructions can also be delivered through those controlled access points, and the IP address of any country can be faked, which gives the US a strong capability against source tracing.
US intelligence services, represented by the NSA and CIA, have developed a series of weapons and equipment with command-and-control capabilities and attack platforms. Their functions are atomized, they cover targets completely, and they adapt both to networks connected directly to the Internet and to "physically isolated networks". This shows once again that cyberspace attack equipment is modular, full-platform and full-capability.
Assume that the enemy has penetrated our internal network, and assume that the enemy has established a C2 channel, in order to carry out actively coordinated cyber security confrontation. Set up multiple security monitoring points and defense points, and set reasonable security rules (such as firewall rules) to further restrict the opponent's behavior. Consider a fallback (a "later hand") for the failure of each security measure, and build layer upon layer of defense to improve the likelihood of threat detection. Achieve all-weather situational awareness and stop losses in a timely manner.
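
One way to apply the layered-monitoring advice above, as an added example that is not part of the original post: it cross-checks a firewall log against an independent network tap, so that a server-initiated outbound connection (the callback pattern described earlier) is still reported when the firewall rule is too permissive or is bypassed. The server range, allow-list, addresses and record formats are all constructed assumptions.

```python
import ipaddress

# All values below are constructed for illustration.
SERVERS = ipaddress.ip_network("10.0.1.0/24")             # Unix server segment
EGRESS_ALLOW = {("10.0.0.53", 53), ("10.0.0.80", 3128)}   # DNS resolver, proxy

# (src, dst, dport, action) as logged by the perimeter firewall
FIREWALL_LOG = [
    ("10.0.1.10", "10.0.0.53", 53, "allow"),
    ("10.0.1.10", "203.0.113.7", 443, "deny"),
    ("10.0.1.22", "198.51.100.9", 8080, "allow"),
]
# (src, dst, dport) as seen by an independent tap on the server segment
TAP_FLOWS = [
    ("10.0.1.10", "10.0.0.53", 53),
    ("10.0.1.10", "203.0.113.7", 443),
    ("10.0.1.22", "198.51.100.9", 8080),
    ("10.0.1.31", "192.0.2.44", 8443),
    ("10.0.2.5", "192.0.2.44", 443),    # workstation segment, out of scope
]

def is_unexpected_egress(src, dst, dport):
    """True when a server initiates a connection outside the allow-list."""
    return ipaddress.ip_address(src) in SERVERS and (dst, dport) not in EGRESS_ALLOW

def review(firewall_log, tap_flows):
    """Classify server-initiated flows using both monitoring points."""
    logged = {(s, d, p): action for s, d, p, action in firewall_log}
    findings = []
    for flow in tap_flows:
        if not is_unexpected_egress(*flow):
            continue
        action = logged.get(flow)
        if action == "deny":
            kind = "blocked"       # first layer held; the host still needs review
        elif action == "allow":
            kind = "policy_gap"    # firewall rule is too permissive
        else:
            kind = "bypass"        # traffic never crossed the firewall
        findings.append((kind, *flow))
    return findings

if __name__ == "__main__":
    for finding in review(FIREWALL_LOG, TAP_FLOWS):
        print(finding)
```

A "blocked" finding is still worth an alert: the firewall stopped the connection, but a server that tried to call out is a candidate for investigation.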