Intelligence Bulletin – MinionGhost Reemerges
At approximately 9:30am EDT on 20 March 2018, the hacktivist collective MinionGhost announced planned cyber attacks against unspecified Asian entities. Additionally, MinionGhost and other hacktivist groups announced their intent to target Israeli websites and interests as part of the annual global hacktivist campaign, #OpIsrael. Optiv’s Global Threat Intelligence Center (gTIC) assesses with high confidence that MinionGhost and affiliated groups intend to carry out high-level attacks against various websites and entities; however, the capabilities of these groups are limited to simple distributed-denial-of-service (DDoS), cross-site scripting (XSS), and SQL injection (SQLi) attempts. Organizations are advised to implement security practices and countermeasures focused on limiting and mitigating slow-HTTP attacks. These include limiting connections from single sources, setting appropriate session timeouts, using strong passwords and login credentials for web applications, and monitoring for and blocking any activity from known proxy (e.g. Tor, commercial VPN) IP ranges.
MinionGhost is a politically and religiously motivated hacktivist group with a pattern of participating in campaigns against targets globally with the intent of leaking sensitive information (e.g. email credentials, PII), defacing webpages, and disrupting the availability of websites and services through DDoS attacks. In addition to personal and vigilante motives, MinionGhost is also observed to seek attention and validation from media outlets catering to hacker and security news by posting results and findings from attacks directly to these outlets.
MinionGhost is an Indonesian hacktivist group responsible for participating in several hacktivist operations between 2016 and 2018, targeting multiple governments and top-level domains (TLDs) based on various political events, as well as participating in other ongoing hacktivist operations against the finance industry. MinionGhost is assessed to be a single threat actor with several key associates using multiple social media accounts and personas. MinionGhost is observed to communicate their activities over several outlets including Facebook, Twitter, GitHub, and Pastebin. In 2017, the original social media accounts for MinionGhost, @minionghost302 and @Scode404, were confirmed to be the same actor hiding behind another user handle, @AnonGhost7.
Tools and tactics attributed to the group include vulnerability scans, manual SQLi attacks, and DoS tools scripted in Python. Targets range from government websites to banking and financial entities as a part of larger global hacktivist operations.
MinionGhost is known to announce their intentions and campaigns over social media and recruit the support of other hacktivist groups with similar agendas. MinionGhost’s tools primarily consist of Python-scripted DoS tools. The tools used during #OpCatalunya in 2017 were identified as the same ones used during #OpIcarus. Several of these are assessed to be derivatives of older DDoS tools including Slowloris, Low Orbit Ion Cannon (LOIC), and R-U-Dead-Yet.
Optiv’s gTIC assesses with high confidence that a majority of MinionGhost’s attacks will have minimal impact against large organizations with adequate security and defense postures. The most vulnerable targets are local government and small business entities with little or no security procedures.
MinionGhost and affiliates will continue high-level global hacktivist campaigns, primarily focused on targeting government and financial services and US and Israeli interests. Annual campaigns like #OpIsrael and #OpIcarus will continue to garner large vigilante followings and organizations are encouraged to follow proper security and defense posture as mentioned below.
To mitigate threats from MinionGhost and other hacktivist operations, gTIC advises organizations to ensure web applications are up to date and secured with strong passwords, limit connections from single sources, set appropriate session timeouts and incoming data rates, identify and block known VPN and proxy IP addresses, and write database queries using prepared statements. These countermeasures can prevent basic and high-level XSS, SQLi, and DDoS attempts.
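The connection limits, timeouts, and incoming data rates recommended above can be checked against a snapshot of open HTTP connections. The following is an added example, not part of the original bulletin or any Optiv tooling; the record fields, thresholds, and sample connections are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds for illustration; derive real values from your traffic baseline.
MAX_CONNS_PER_SOURCE = 20   # concurrent connections allowed from one client IP
HEADER_TIMEOUT_S = 10.0     # seconds allowed to deliver the complete request headers
BODY_GRACE_S = 5.0          # wait this long before judging the body rate
MIN_BODY_RATE_BPS = 500.0   # minimum request-body rate in bytes per second

@dataclass
class Conn:
    src: str                        # client IP
    opened: float                   # time the connection was accepted (seconds)
    headers_done: Optional[float]   # time headers completed, None if still pending
    content_length: int = 0         # declared request body size
    body_bytes: int = 0             # body bytes received so far

def evaluate(conns, now):
    """Return {src: sorted reasons} for sources that violate the policy."""
    findings = defaultdict(set)
    per_source = defaultdict(int)
    for c in conns:
        per_source[c.src] += 1
        if c.headers_done is None:
            # Slowloris-style: headers trickle in and never complete.
            if now - c.opened > HEADER_TIMEOUT_S:
                findings[c.src].add("slow_headers")
        elif c.body_bytes < c.content_length:
            # R-U-Dead-Yet-style: large declared body sent a few bytes at a time.
            elapsed = now - c.headers_done
            if elapsed > BODY_GRACE_S and c.body_bytes / elapsed < MIN_BODY_RATE_BPS:
                findings[c.src].add("slow_body")
    for src, count in per_source.items():
        if count > MAX_CONNS_PER_SOURCE:
            findings[src].add("conn_limit")
    return {src: sorted(reasons) for src, reasons in findings.items()}

# Constructed snapshot of open connections at t=30s (documentation IP ranges).
SAMPLE = (
    [Conn("203.0.113.7", 0.0, None) for _ in range(25)]
    + [Conn("198.51.100.9", 0.0, 1.0, content_length=100_000, body_bytes=40)]
    + [Conn("192.0.2.10", 25.0, None),
       Conn("192.0.2.10", 28.0, 28.2, content_length=2000, body_bytes=2000)]
)

if __name__ == "__main__":
    for src, reasons in evaluate(SAMPLE, now=30.0).items():
        print(src, reasons)
```

Sources flagged here are candidates for connection resets or temporary blocks at the web server or load balancer, which is where the same three limits are normally enforced.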