Google Uncovers Initial Access Broker

Several cyberattacks have been carried out against Russia and Ukraine in connection with the conflict between the two countries. This incident, however, is not connected to those attacks. A hacker was able to infiltrate the Regional Ministry of Health in Russia without any complex techniques or methods.

A hacker known by the alias “Spielerkid89” was able to take control of a system belonging to the Regional Ministry of Health in Russia. He claimed he did not do it for malicious purposes, but he set a perfect example of how a government organization was left vulnerable by poor security practices.

Russia, which is known for its devastating military and cyber capabilities, was vulnerable to something it would never have imagined. As evidence suggests, Russia is preparing to cut itself off from the global internet.

The Hack

The hacker chose to remain anonymous. Spielerkid89 was running vulnerability scans on IP addresses belonging to Russia, using the Shodan search engine, which is widely used by attackers. He found an open Virtual Network Computing (VNC) port with authentication disabled.

VNC is widely used by people working remotely; technically, it is used to access a work computer from home or any other location. It usually includes an authentication step that requires a username and password set by the system administrator. Systems assigned to employees are configured with VNC authentication, and their users are provided with the credentials.

As reports suggest, the system at the Russian ministry discovered by Spielerkid89 did not have any authentication on its VNC port. This gave him complete control of the system, allowing him to view files and other data present on it.

“I was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents, too,” – Spielerkid89

The hacker also posted a screenshot as proof of his attack.

[Screenshot posted by the hacker as proof of access]

A malicious hacker could exploit this vulnerability in any way he wanted: deploy ransomware, move laterally inside the network, steal sensitive information, or install other malware.

“You can do anything you want, basically with full, unfettered access. It was so easy to gain access to these systems. They shouldn’t be there unauthenticated. That’s a serious security breach of assets right there. I didn’t need anything to get it, really. The most common ones are RDP and VNC because access brokers essentially sell those credentials on the dark web, which would then enable a ransomware actor to get in.” – said the hacker.

As the hacker mentioned, VNC and RDP ports must be closed wherever possible, since they offer the easiest way to infiltrate a computer system. Where they are necessary, proper authentication must be maintained on them. Organizations must be aware of the ports that are open on their systems and remediate them accordingly.
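The “authentication disabled” condition described above is visible in the first few bytes of the VNC (RFB) handshake: after the version exchange, the server lists the security types it offers, and type 1 means “None”. The following script is an added example for defenders auditing their own VNC endpoints; it is not code from the article or from the hacker. It performs only the client side of the handshake far enough to read that list, never authenticates, and ships with a constructed in-process fake server so it runs offline. The function and variable names are this example's own assumptions.

```python
import socket
import struct
import threading

# Security type identifiers from the RFB protocol specification (RFC 6143).
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",                # no authentication at all
    2: "VNC Authentication",  # DES challenge/response on a shared password
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer goes away."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection mid-handshake")
        buf += chunk
    return buf


def probe_vnc_security_types(sock):
    """Run the RFB handshake on a connected socket just far enough to learn
    which security types the server offers; returns them as a list of ints.
    No authentication is attempted and no credentials are sent."""
    version = _recv_exact(sock, 12)  # e.g. b"RFB 003.008\n"
    if not version.startswith(b"RFB "):
        raise ValueError("not an RFB server: %r" % version)
    major, minor = int(version[4:7]), int(version[8:11])
    if (major, minor) < (3, 7):
        # RFB 3.3: the server picks the type itself and sends it as one U32.
        sock.sendall(b"RFB 003.003\n")
        (sec_type,) = struct.unpack(">I", _recv_exact(sock, 4))
        return [sec_type]
    sock.sendall(b"RFB 003.008\n")
    (count,) = struct.unpack(">B", _recv_exact(sock, 1))
    if count == 0:
        # Zero types means the server refuses us and explains why.
        (reason_len,) = struct.unpack(">I", _recv_exact(sock, 4))
        reason = _recv_exact(sock, reason_len).decode("latin-1", "replace")
        raise ConnectionError("server refused connection: " + reason)
    return list(_recv_exact(sock, count))


def assess(types):
    """Turn the offered type list into a one-line audit finding."""
    names = ", ".join(SECURITY_TYPES.get(t, "unknown(%d)" % t) for t in types)
    if 1 in types:
        return "CRITICAL: server accepts unauthenticated access (offers %s)" % names
    return "ok: authentication required (offers %s)" % names


def audit_host(host, port=5900, timeout=5.0):
    """Connect to one of your own VNC endpoints and return its security types."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_vnc_security_types(sock)


def _fake_server(sock, offered):
    """Constructed stand-in for a VNC server's handshake (example-only)."""
    sock.sendall(b"RFB 003.008\n")
    _recv_exact(sock, 12)  # client's version string
    sock.sendall(bytes([len(offered)]) + bytes(offered))
    sock.close()


def audit_against_fake_server(offered):
    """Pair the probe with the in-process fake server so the example runs offline."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=_fake_server, args=(server, offered))
    worker.start()
    try:
        return probe_vnc_security_types(client)
    finally:
        client.close()
        worker.join()


if __name__ == "__main__":
    for offered in ([1], [2], [2, 19]):
        print(offered, "->", assess(audit_against_fake_server(offered)))
```

Running the script exercises three constructed servers: one that offers only type 1 (the misconfiguration in the article), one that requires VNC Authentication, and one offering both VNC Authentication and VeNCrypt. In practice `audit_host` is the entry point for an inventory pass over the addresses an organization already knows it exposes, and any result containing type 1 is the finding to remediate.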


Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.