Normally, we start investigating a cyberincident by looking for a source of infection. The source is not difficult to find — we look for an e-mail with a malware attachment or a malicious link, or for a hacked server. As a rule, security specialists have a list of equipment, so all you need to do is figure out which machine started the malicious activity. But what if all of your computers are clean — yet malicious activity is still occurring?
Recently, our experts investigated precisely such a situation. What they found: the attackers physically connected their own equipment to the corporate network.
This style of attack, dubbed DarkVishnya, begins with a criminal bringing a device to a victim’s office and connecting it to the corporate network.