Blockade Snags Bears

Brandon Dixon
Published in Blockade.io
Mar 13, 2017

If I said “compromised website”, most people would probably imagine a “hacked by…” reference with a couple floating skull GIFs in place of their normal content. But what if the site looked exactly the same, yet had a little extra snippet of code that ran when you visited. Do you think you would notice?

Last month, Forcepoint published an interesting blog article detailing suspected nation-state hacking of several embassy and ministry websites. They describe the campaign as "reconnaissance": the attackers inject profiling code into the compromised websites, and the post casually suggests that Russia (the Turla group) is behind an operation that may have started as early as December 2015. Presented at the bottom of the post were several domains used by the threat actors, which we loaded into Blockade.IO.

Compromised MFA of Kyrgyzstan website trying to load www.mentalhealthcheck[.]net

Since the attackers were merely loading JavaScript within the page, users would not have noticed any visual difference or change in site behavior. Blockade users who visit any of the websites mentioned in the post will instead see a pop-up dialog in the top-right corner of their operating system detailing the blocked resource.

Naturally, in order to block malicious content, we need to identify it. Blockade is seeking analysts focused on espionage who want to help those who may not have security resources to stop advanced attacks. If you’re interested, please email info@blockade.io.

About Blockade.IO

Blockade brings antivirus-like capabilities to users who run the Chrome browser. Built as an extension, Blockade stops malicious resources from being loaded or viewed inside the browser, blocking the request before it ever reaches the Internet.
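The blocking decision described above and in the note on the injected JavaScript is, at its core, a match of each requested resource's hostname against a list of attacker domains published in defanged form (e.g. `www.mentalhealthcheck[.]net`). The following is an added illustration, not Blockade's own extension code: it refangs such indicators, builds a blocklist, and decides whether a request URL should be blocked, reporting the matching indicator so a notification can name it. The `profiler.example[.]invalid` entry is a constructed placeholder.

```javascript
// Added example (not Blockade's code): normalise defanged indicators and
// decide whether a requested resource URL should be blocked.

// Refang one indicator as published in threat reports:
// "www.bad[.]net" -> "www.bad.net", "hxxp://x[.]y/z.js" -> "x.y".
function refang(indicator) {
  return indicator
    .trim()
    .toLowerCase()
    .replace(/\[\.\]|\(\.\)|\{\.\}/g, ".") // [.] (.) {.} -> .
    .replace(/^hxxps?:\/\//, "")          // drop a defanged scheme
    .replace(/\/.*$/, "")                 // drop any path
    .replace(/\.+$/, "");                 // drop a trailing dot
}

// Build a Set of normalised hostnames from a raw indicator list.
function buildBlocklist(rawIndicators) {
  return new Set(rawIndicators.map(refang).filter((h) => h.length > 0));
}

// Return the matching indicator if the URL's host is listed (exact match or
// a subdomain of a listed host), or null if the request should be allowed.
function matchBlocklist(url, blocklist) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return null; // not an absolute URL; nothing to decide here
  }
  // Walk up the label chain (a.b.c -> b.c) so a listed parent domain matches,
  // but never test the bare top-level label on its own.
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (blocklist.has(candidate)) return candidate;
  }
  return null;
}

// Constructed sample list: the domain named in this post plus a placeholder.
const SAMPLE_INDICATORS = [
  "www.mentalhealthcheck[.]net",
  "hxxp://profiler.example[.]invalid/collect.js", // constructed placeholder
];
const blocklist = buildBlocklist(SAMPLE_INDICATORS);
```

In a real extension this decision would run inside a web-request listener before the fetch is issued; here it is a plain function so it can be exercised on sample URLs.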

Founder of @BlockadeIO, PDF X-RAY, and @PassiveTotal. Partner and developer for @TheNinjaJobs. VP of Strategy for @RiskIQ. Roaster at @SplitKeyCoffee.