
Mysterious Iranian group is hacking into DNA sequencers

Web-based DNA sequencer applications are under attack from a mysterious hacker group using a still-unpatched zero-day to take control of targeted devices.

The attacks started two days ago, on June 12, and are still ongoing, according to Ankit Anubhav, a security researcher with NewSky Security, who shared his findings with ZDNet.

Hackers planting shells on DNA sequencer web apps

Anubhav says the group, which operates from an Iran-based IP address, has been scanning the internet for dnaLIMS, a web-based application installed by companies and research institutes to handle DNA sequencing operations.

The researcher told ZDNet the hacker is exploiting CVE-2017-6526, a vulnerability in dnaLIMS that has not been patched to this day after the vendor was notified back in 2017.

Anubhav says the attackers are using this vulnerability to plant shells that allow them to control the underlying web server from remote locations.
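The article describes the outcome of the attack as a shell dropped on the web server, which is what a defender should be looking for on any exposed dnaLIMS host. The following is an added example, not code from the article, from NewSky, or from the dnaLIMS vendor: a small webroot triage scanner that flags script files containing patterns typical of dropped web shells (request parameters fed into eval or system calls, base64-wrapped payloads). The extension list, indicator patterns, threshold and the sample files it builds are all constructed for illustration and are not taken from dnaLIMS or from the reported attack.

```python
"""Added example: heuristic web-shell triage over a web root.

Walks a directory, reads files with script extensions and scores each one
against a short list of indicator patterns. Paths, patterns and the sample
tree built by build_sample_webroot() are constructed for this example.
"""
import os
import re
import tempfile

# Extensions the web server is assumed to execute (constructed list).
SCRIPT_EXTS = {".php", ".cgi", ".pl", ".jsp", ".asp", ".aspx"}

# (pattern, weight): constructed heuristics, not indicators from the report.
INDICATORS = [
    (re.compile(r"\b(eval|assert|system|passthru|shell_exec|popen|proc_open)\s*\(", re.I), 3),
    (re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[", re.I), 2),
    (re.compile(r"base64_decode\s*\(", re.I), 2),
    (re.compile(r"\bcmd\b", re.I), 1),
]
THRESHOLD = 4  # constructed cut-off; tune against a known-clean install


def score_source(text):
    """Return (score, matched_patterns) for one file's contents."""
    score = 0
    hits = []
    for rx, weight in INDICATORS:
        if rx.search(text):
            score += weight
            hits.append(rx.pattern)
    return score, hits


def scan_webroot(root):
    """Return findings (path relative to root, score, hits) sorted by score."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            score, hits = score_source(text)
            if score >= THRESHOLD:
                findings.append({
                    "path": os.path.relpath(path, root),
                    "score": score,
                    "hits": hits,
                })
    return sorted(findings, key=lambda f: -f["score"])


def build_sample_webroot():
    """Constructed sample tree: one benign CGI script, one shell-like file."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "cgi-bin"))
    with open(os.path.join(root, "cgi-bin", "index.cgi"), "w") as fh:
        fh.write('#!/usr/bin/perl\nprint "Content-type: text/html\\n\\nhello";\n')
    with open(os.path.join(root, "cgi-bin", "x.php"), "w") as fh:
        # Constructed positive sample: request parameter passed to system().
        fh.write("<?php system($_REQUEST['cmd']); ?>\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for finding in scan_webroot(sample_root):
        print(f"{finding['score']:>3}  {finding['path']}  {finding['hits']}")
```

Pattern scoring alone will miss obfuscated shells and can flag legitimate admin tooling, so in practice pair it with a file-integrity baseline of the web root (anything created or modified after deployment is worth a look regardless of score) and with the web server's access log for the host that first touched the flagged file.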

Attack motives unknown

It is unclear how the group is using these backdoors into hacked systems, post infection. Anubhav says there could be two scenarios.

In the first, the attacker may be looking to exfiltrate hashes of DNA sequences from the application's database.

"DNA theft in specific cases can be fruitful," Anubhav said. "Either it can be sold on the black market, or a high profile attacker can actually be looking for a specific person's data."

Second, and the most plausible scenario, is that the attackers might be using the infected servers as part of a botnet, or using the shell to plant cryptocurrency miners on the hijacked systems.

A previous ZDNet report highlighted that most IoT botnets nowadays are the work of attention-seeking kids who take random exploits from the ExploitDB exploit database and assemble botnets at random.

This might be one of those cases, with this botnet's author using an exploit at random, not knowing what they're actually targeting.

"This particular attack may not be useful for a script kiddie or a botnet operator," Anubhav said, pointing out that there are only between 35 and 50 such highly complex DNA sequencer apps available online, a number far too small to build a botnet around.

Group also targeted routers and Struts servers

Furthermore, the theory that this might be the work of a script kiddie playing with random exploits, rather than a nation-state sponsored group, becomes more believable when we look at the historical activity coming from the attacker's IP address.

Per NewSky's own records, the attacker has been seen using the nmap tool to scan the internet and attempt to use two other exploits to take over systems -- one for Zyxel routers, and a second for Apache Struts installations.

"We can not decide on the motive of these attacks just yet," Anubhav told ZDNet. "Regardless, the DNA sequencer systems which hold this confidential information can get pwned."

With the vendor refusing to patch the security flaw back in 2017, these systems remain open for attacks.

The dangers that these systems pose can only be evaluated on a per-case basis. If the DNA sequencing data is anonymized, any stolen data will most likely be useless. If not, then a serious breach may occur if the hackers have stolen any info from these systems.

Sure, DNA data may be useless right now, but with biometric solutions spreading every year, non-anonymized data might be actually worth something in a few years from now.

More IOCs about this attack are available in Anubhav's report.
