Skip to main content

Mysterious Iranian group is hacking into DNA sequencers

DNA

See also

Web-based DNA sequencer applications are under attack from a mysterious hacker group using a still-unpatched zero-day to take control of targeted devices.

The attacks have started two days ago, on June 12, and are still going on, according to Ankit Anubhav, a security researcher with NewSky Security, who shared his findings with ZDNet.

Hackers planting shells on DNA sequencer web apps

Anubhav says the group, which operates from an Iran-based IP address, has been scanning the internet for dnaLIMS, a web-based application installed by companies and research institutes to handle DNA sequencing operations.

The researcher told ZDNet the hacker is exploiting CVE-2017-6526, a vulnerability in dnaLIMS that has not been patched to this day after the vendor was notified back in 2017.

Anubhav says the attackers are using this vulnerability to plant shells that allow them to control the underlying web server from remote locations.

Attack motives unknown

It is unclear how the group is using these backdoors into hacked systems, post infection. Anubhav says there could be two scenarios.

In the first, the attacker may be looking to exfiltrate hashes of DNA sequences from the application's database.

"DNA theft in specific cases can be fruitful," Anubhav said. "Either it can be sold on the black market, or a high profile attacker can actually be looking for a specific person's data."

Second, and the most plausible scenario, is that the attackers might be using the infected servers as part of a botnet, or using the shell to plant cryptocurrency miners on the hijacked systems.

A previous ZDNet report highlighted that most IoT botnets nowadays are the works of attention-seeking kids that take random exploits from the ExploitDB exploit database and assemble botnets at random.

This might be one of those cases, with this botnet's author using an exploit at random, not knowing what they're actually targeting.

"This particular attack may not be useful for a script kiddie or a botnet operator," Anubhav said, pointing out that there are only between 35 and 50 such highly-complex DNA sequencer apps available online, a number far too small to build a botnet around.

Group also targeted routers and Struts servers

Furthermore, the theory that this might be the work of a script kiddie playing with random exploits, rather than a nation-state sponsored group, becomes more believable when we look at the historical activity coming from the attacker's IP address.

Per NewSky's own records, the attacker has been seen using the nmap tool to scan the internet and attempt to use two other exploits to take over systems -- one for Zyxel routers, and a second for Apache Struts installations.

"We can not decide on the motive of these attacks just yet," Anubhav told ZDNet. "Regardless, the DNA sequencer systems which hold this confidential information can get pwned."

With the vendor refusing to patch the security flaw back in 2017, these systems remain open for attacks.

The dangers that these systems pose can only be evaluated on a per-case basis. If the DNA sequencing data is anonymized, any stolen data will most likely be useless. If not, then a serious breach may occur if the hackers have stolen any info from these systems.

Sure, DNA data may be useless right now, but with biometric solutions spreading every year, non-anonymized data might be actually worth something in a few years from now.

More IOCs about this attack are available in Anubhav's report.

AI, cybersecurity, programming languages,... SEE FULL GALLERY 1 - 5 of 12

Related malware and cybercrime coverage:

55 Comments

My husband and i were now lucky when Michael managed to carry out his investigations from the ideas he was given out of your site. It is now and again perplexing to simply choose to be offering tips which some others have been making money from. So we recognize we need the writer to appreciate for this. The illustrations you have made, the simple blog navigation, the relationships your site help to engender - it's got all astounding, and it's leading our son and our family reckon that that topic is cool, which is certainly wonderfully important. Thanks for all! golden goose http://www.golden-goose.us

I really wanted to post a simple comment so as to say thanks to you for all the remarkable techniques you are writing here. My rather long internet investigation has finally been recognized with really good tips to go over with my close friends. I would believe that many of us readers actually are unquestionably blessed to exist in a great website with very many perfect professionals with insightful basics. I feel somewhat grateful to have used your entire web site and look forward to really more enjoyable times reading here. Thanks a lot once more for a lot of things. jordans shoes http://www.jordansshoes.us.org

Needed to send you a bit of note to be able to say thanks as before about the precious advice you've shown on this website. It was really open-handed of you to present unreservedly just what a few people would've offered for sale as an ebook to get some profit on their own, precisely since you might well have tried it if you wanted. The smart ideas additionally acted to become a good way to be aware that other people have similar fervor just like my own to grasp whole lot more regarding this condition. I am certain there are many more pleasurable situations up front for folks who see your blog. kobe shoes http://www.kobe-shoes.us.com

I would like to get across my love for your generosity in support of men and women who actually need guidance on this important idea. Your personal dedication to getting the solution up and down turned out to be surprisingly functional and have in every case made individuals like me to reach their objectives. Your insightful publication denotes a great deal a person like me and extremely more to my office workers. Many thanks; from everyone of us. supreme http://www.supremeclothings.com

I just wanted to type a brief word so as to express gratitude to you for all the marvelous ways you are showing here. My time intensive internet search has now been recognized with brilliant facts and techniques to exchange with my family. I 'd repeat that many of us website visitors actually are unquestionably lucky to dwell in a useful site with so many marvellous individuals with interesting methods. I feel very much privileged to have used your web page and look forward to so many more fabulous moments reading here. Thanks a lot again for everything. stone island http://www.stoneislands.us

I must voice my passion for your generosity supporting people who have the need for help with this one situation. Your very own commitment to getting the solution all over had been certainly important and has continuously made associates much like me to reach their dreams. Your new interesting hints and tips indicates so much a person like me and much more to my office workers. Thank you; from everyone of us. golden goose http://www.goldengooseoutletstore.com

My spouse and i ended up being now comfortable that Ervin managed to do his researching out of the precious recommendations he acquired when using the site. It's not at all simplistic to just find yourself freely giving facts the rest might have been making money from. So we already know we've got you to give thanks to because of that. Those explanations you've made, the simple web site navigation, the friendships you help to create - it's many fantastic, and it's really letting our son and the family imagine that this subject matter is excellent, and that's extraordinarily mandatory. Thank you for everything! kyrie 6 http://www.kyrie-6.com

Thanks so much for providing individuals with remarkably splendid chance to check tips from here. It's always so pleasurable and as well , stuffed with a good time for me personally and my office acquaintances to search your web site particularly three times per week to see the latest items you will have. And lastly, I'm so at all times pleased for the very good suggestions you give. Certain two tips in this article are in reality the very best we have all ever had. golden goose shoes http://www.goldengoose-shoes.us.com

I simply desired to say thanks once more. I am not sure the things I would have undertaken without the type of tips shared by you regarding that situation. It previously was a very frustrating situation for me, however , being able to view a new well-written way you solved the issue made me to cry over delight. I am thankful for the information and then hope that you realize what a powerful job you happen to be getting into training most people through your web site. I'm certain you haven't encountered all of us. lebron 18 http://www.lebron18.us

I wanted to draft you the little bit of note just to give thanks the moment again for those beautiful guidelines you have shown on this website. It's really shockingly open-handed of people like you to grant unhampered exactly what a lot of folks would have advertised as an ebook to get some cash for themselves, even more so considering that you could possibly have tried it in case you considered necessary. The solutions additionally worked as a great way to fully grasp that many people have the identical zeal just like my very own to understand lots more in respect of this issue. I'm certain there are millions of more fun moments ahead for people who go through your website. kyrie 6 shoes http://www.kyrie6.org

I and also my buddies were checking the excellent solutions from your website then instantly I got a horrible feeling I never thanked the website owner for those tips. My boys are already so joyful to see all of them and have in effect honestly been loving these things. We appreciate you actually being really thoughtful as well as for picking out certain excellent topics most people are really wanting to be informed on. Our own honest apologies for not expressing gratitude to you earlier. lebron 18 http://www.lebron18shoes.us

Thanks so much for providing individuals with remarkably brilliant possiblity to read articles and blog posts from this website. It is usually very awesome and packed with amusement for me personally and my office fellow workers to search your blog no less than 3 times weekly to study the new secrets you have got. Not to mention, I'm just at all times contented with all the remarkable tips and hints you give. Certain 2 tips in this post are particularly the most impressive we have ever had. supreme hoodie http://www.supremes-clothing.com

I enjoy you because of your whole work on this blog. Gloria take interest in making time for investigations and it's easy to understand why. A number of us hear all about the compelling way you make sensible tricks through the blog and as well attract participation from some others on this subject matter plus our girl is without a doubt studying a whole lot. Take pleasure in the rest of the year. Your conducting a splendid job. yeezy 350 v2 http://www.yeezy350v2s.com

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
The comment language code.