Israeli mobile forensics firm Cellebrite has announced that it has suffered a data breach Attack.Databreach following an unauthorized access to an external web server . “ The impacted server included a legacy database backup of my.Cellebrite , the company ’ s end user license management system . The company had previously migrated to a new user accounts system . Presently , it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system , ” the company stated , and added that it is still investigating the attack . They are also notifying affected customers , and advising them to change their passwords . The confirmation comes a few hours after Motherboard released Attack.Databreach general information about 900 GB of data that they obtained Attack.Databreach and has supposedly been stolen Attack.Databreach from the firm . The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company ’ s my.cellebrite domain , ” the publication noted . “ The dump Attack.Databreach also contains what appears to be evidence files from seized mobile phones , and logs from Cellebrite devices ” . The hacker that shared the data with the publication and is apparently behind the breach also noted that access to the compromised servers has been traded among hackers in IRC chat rooms , so it ’ s possible that other persons have exfiltrated Attack.Databreach potentially sensitive data . “ The Cellebrite breach Attack.Databreach shows that anyone can be hacked , even firms whose bread and butter is data exfiltration Attack.Databreach . And Cellebrite isn ’ t the first organization of this type to be targeted – Hacking Team and Gamma International have both experienced similar attacks by groups opposed to government surveillance , ” Tony Gauda , CEO of ThinAir , commented for Help Net Security . “ While the 900 GB of data hasn ’ t been released publicly , it ’ s safe to assume that the information is highly sensitive . Besides customer information , the hackers managed to retrieve Attack.Databreach technical data , which could have serious repercussions if it were to fall into the wrong hands . Incidents such as this are the cyber equivalent of robbing a gun store , and I wouldn ’ t be surprised if the proprietary info stolen Attack.Databreach eventually made its way online . Demand for advanced hacking tools and techniques has never been higher and until these firms start securing their digital arsenals with technology capable of rendering data useless when it ’ s compromised , they will continue to find themselves in the crosshairs of hackers ” . Cellebrite ’ s name has become widely known after reports that the company has been asked for help to exfiltrate data Attack.Databreach from the locked iPhone belonging to Syed Farook , one of the San Bernardino shooters

Named GhostAdmin , this threat is part of the `` botnet malware '' category . According to current information , the malware is already distributed and deployed in live attacks , being used to possibly target at least two companies and steal Attack.Databreach hundreds of GBs of information . According to MalwareHunterTeam and other researchers that have looked at the malware 's source code , GhostAdmin seems to be a reworked version of CrimeScene , another botnet malware family that was active around 3-4 years ago . Under the hood , GhostAdmin is written in C # and is already at version 2.0 . The malware works by infecting computers , gaining boot persistence , and establishing a communications channel with its command and control ( C & C ) server , which is an IRC channel . GhostAdmin 's authors access to this IRC channel and issue commands that will be picked up by all connected bots ( infected computers ) . The malware can interact with the victim 's filesystem , browse to specific URLs , download and execute new files , take screenshots , record audio , enable remote desktop connections , exfiltrate data Attack.Databreach , delete log files , interact with local databases , wipe browsing history and more . A full list of available commands is available via the image below : The malware 's features revolve around the ability to collect Attack.Databreach data from infected computers and silently send it to a remote server . GhostAdmin operates based on a configuration file . Among the settings stored in this file , there are FTP and email credentials . The FTP credentials are for the server where all the stolen information is uploaded , such as screenshots , audio recordings , keystrokes and more . On the other hand , the email credentials are used to send an email to the GhostAdmin author every time a victim executes his malware , and also send error reports . MalwareHunterTeam says that the GhostAdmin version he analyzed was compiled by a user that used the nickname `` Jarad . '' Like almost all malware authors before him , Jarad managed to infect his own computer . Using the FTP credentials found in the malware 's configuration file , MalwareHunterTeam found screenshots of GhostAdmin creator 's desktop on the FTP server . Furthermore , the researcher also found on the same server files that appeared to be stolen Attack.Databreach from GhostAdmin victims . The possible victims include a lottery company and an Internet cafe . Just from the Internet cafe , the crook has apparently collected Attack.Databreach 368GB of data alone . From the lottery company , the GhostAdmin botmaster appears to have stolen Attack.Databreach a database holding information such as names , dates of births , phone numbers , emails , addresses , employer information , and more . At the time of writing , according to MalwareHunterTeam , the botnet 's IRC channel includes only around ten bots , an approximate victims headcount . Compared to other botnet malware families such as Necurs or Andromeda , which have millions of bots , GhostAdmin is just making its first victims . In its current form , GhostAdmin and its botmaster seem to be focused on data theft and exfiltration Attack.Databreach . At the time of writing , GhostAdmin detection rate on VirusTotal was only 6 out of 55 ( sample here )