Poorly secured or entirely unsecured remote access is a constant security problem and a gateway for cyberattacks in many companies, government agencies and organizations. Now I have come across a case involving a regional health ministry in Russia. A hacker was able to remotely penetrate an unsecured computer at this organization.
The "hack" is once again a classic case of "what can go wrong, will go wrong." After all, since Russia's invasion of Ukraine, hackers have increasingly been looking at Russian IT systems and searching for entry points. A hacker with the nickname Spielerkid89, who wishes to remain anonymous, has now uncovered such a vulnerability. He did not intend to harm his victims and left their systems intact, but he used the opportunity to break into these systems. It was an experiment that is a perfect example of how poor cyber hygiene can expose companies.
Shodan and an unsecured VNC access
The hacker with the nickname Spielerkid89 used the search engine Shodan to look for Russian computers that were accessible via the Internet. Through appropriate queries to the Shodan search engine, he soon discovered an open VNC (Virtual Network Computing) port with disabled authentication.
VNC (Virtual Network Computing) is the name of software (and of the company that originally developed it) that allows remote access to computers such as desktops. Users can use it to access work computers from home or another location, or to allow technical support staff to access their own computers. Appropriate VNC software must be installed on the computers. Ideally, VNC should only be used with authenticated users, such as system administrators. No one should be able to access a computer without being properly authenticated. That, however, was exactly the security problem in the current case.
As a result, Spielerkid89 connected to this computer, which belongs to a health ministry in the Omsk region of Russia. To remotely access the desktop of a ministry employee, the hacker didn't need a password or authentication – he was able to access all files and information on that computer through an open VNC port.
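A defender-side check for exactly this misconfiguration, as an added example that is not from the original post or from Cybernews: it performs only the RFB version and security-type handshake (RFC 6143) against a VNC endpoint you operate and flags servers that offer the "None" security type, i.e. authentication disabled. The host and port passed to `check_host` are placeholders you supply; it never authenticates or opens a session.

```python
import socket
import struct

# Security types a server may offer in the RFB (VNC) handshake (RFC 6143 section 7.1.2
# plus commonly registered values). Type 1 ("None") is the misconfiguration in this case.
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
                  6: "RA2ne", 16: "Tight", 18: "TLS", 19: "VeNCrypt",
                  30: "Apple Remote Desktop"}


def _reason(buf: bytes) -> str:
    """Decode the U32-length-prefixed failure reason a refusing server sends."""
    (length,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + length].decode("latin-1", "replace")


def parse_security_types(version_msg: bytes, payload: bytes) -> list:
    """Return the security types offered, given the server's 12-byte ProtocolVersion
    message and the bytes that follow the client's version reply. RFB 3.3 sends one
    big-endian U32 type; RFB 3.7 and 3.8 send a count and then one byte per type."""
    if len(version_msg) != 12 or not version_msg.startswith(b"RFB "):
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = int(version_msg[4:7]), int(version_msg[8:11])
    if (major, minor) < (3, 7):
        (sectype,) = struct.unpack(">I", payload[:4])
        if sectype == 0:                 # server refused; a reason string follows
            raise ConnectionError(_reason(payload[4:]))
        return [sectype]
    count = payload[0]
    if count == 0:                       # server refused; a reason string follows
        raise ConnectionError(_reason(payload[1:]))
    return list(payload[1:1 + count])


def classify(sectypes: list) -> str:
    """Audit verdict for the offered security types."""
    if 1 in sectypes:
        return "UNAUTHENTICATED"         # anyone who can reach the port gets the desktop
    if 18 in sectypes or 19 in sectypes:
        return "ENCRYPTED_OPTION"        # TLS/VeNCrypt offered; confirm it is enforced
    if 2 in sectypes:
        return "PASSWORD_ONLY"           # DES challenge-response, session not encrypted
    return "OTHER"


def check_host(host: str, port: int = 5900, timeout: float = 5.0) -> dict:
    """Handshake with one of your own VNC endpoints and report what it offers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        version_msg = sock.recv(12)
        sock.sendall(version_msg)        # accept the server's version as-is
        payload = sock.recv(256)
    sectypes = parse_security_types(version_msg, payload)
    return {"host": host, "port": port, "verdict": classify(sectypes),
            "offered": [SECURITY_TYPES.get(t, "type %d" % t) for t in sectypes]}
```

A verdict of UNAUTHENTICATED on an Internet-facing host is the Omsk situation; the fix is to require authentication, bind VNC to localhost and reach it over SSH or a VPN, and firewall port 5900 from the outside.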
"I was able to access people's names, other IP addresses pointing to other computers on the network, and also financial documents," the hacker said. The Cybernews research team, which was contacted by the hacker Spielerkid89, was able to verify that he did indeed gain access to a computer belonging to this Russian ministry (see the following screenshot).
[Screenshot: Desktop of the PC at the Ministry of Health]
As mentioned earlier, the hacker's intention was not to harm the organization. Therefore, he left the systems of the organization in question intact. However, the experiment illustrates how easy it is for a malicious hacker to penetrate an organization. By remotely accessing a computer through an open VNC port with authentication disabled, a criminal could download sensitive files, spy on other computers or servers on the network, set up services to create a backdoor, install malware, remotely introduce Trojans and more. CyberNews emailed me the information and documented the hack within this post.