Iranian researchers at the security firm Amnpardaz have discovered rootkits in HP's iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and perform additional administrator functions.

This is the first known discovery of an iLO rootkit. The rootkit's name, iLOBleed, is based on the malware module discovered in the iLO firmware.

The attackers discreetly prevented firmware updates by simulating a fake upgrade process in the web UI. While it would show the latest firmware version number, the attackers failed to use the latest UI image. The researchers considered this a poor decision, as it made the malware easier to detect.

[Image: Comparison of the disguised iLO web UI, provided by Amnpardaz.]

The attackers' intention was to remain hidden, and they took additional measures to conceal their presence. In addition to the fake UI page, they also produced output logs containing false information. Once the researchers discovered the malware, the attackers triggered a wipe of the servers.

[Image: Several modules modified by the malware, provided by Amnpardaz.]

The researchers believe the main intention of the malware was to wipe server drives and hide its presence. Regardless, they considered the amount of effort put into this rootkit highly technical, at an innovation level on par with Advanced Persistent Threat (APT) groups, which are often tied to government security agencies.