
US Gov’t Payment Service Leaks 14M Records, OilRig APT Group Updates BONDUPDATER Trojan

Government Payment Service Inc., a US credit card payment processor that serves the government sector, leaked more than 14 million customer records due to a technical issue on its website. Online receipts, which the site displayed when citizens used it to pay fees and fines, could be viewed by anyone simply by modifying digits in the web address, exposing millions of customer records. The leaked records dated back at least six years and included names, addresses, phone numbers, and the last four digits of credit card numbers. The company has updated its system to ensure that only authorised users are able to view their individual receipts.
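The flaw described above is an insecure direct object reference: the receipt lookup trusted the identifier in the URL and never checked who was asking. The following is an added example, not code from the article or from Government Payment Service Inc.; the receipt store, account names and access-log lines are constructed. It shows the vulnerable lookup beside a hardened one that enforces ownership, plus a simple check over access logs for a session sweeping many receipt ids, the pattern that would have revealed this kind of exposure.

```python
# Added example (not GovPayNet's code): IDOR on a receipt lookup, its
# hardened form, and a log check for receipt-id enumeration.
from collections import defaultdict

# Constructed sample data: receipt id -> record (owner is the account that paid).
RECEIPTS = {
    1001: {"owner": "alice", "last4": "4242", "amount": 125.00},
    1002: {"owner": "bob",   "last4": "1881", "amount": 60.00},
    1003: {"owner": "carol", "last4": "9903", "amount": 300.00},
}

def get_receipt_vulnerable(receipt_id):
    """Vulnerable: trusts the id taken from the URL and never checks the caller."""
    return RECEIPTS.get(receipt_id)

def get_receipt_hardened(receipt_id, session_user):
    """Hardened: a record is returned only to the authenticated owner.
    Missing and foreign receipts both yield None, so the response does not
    confirm that another customer's receipt id exists."""
    if session_user is None:
        return None
    rec = RECEIPTS.get(receipt_id)
    if rec is None or rec["owner"] != session_user:
        return None
    return rec

# Constructed access-log lines: one request per line, session and receipt id.
LOG = """
sess=A id=1001
sess=A id=1002
sess=A id=1003
sess=B id=1002
"""

def enumerating_sessions(log_text, threshold=3):
    """Return sessions that requested at least `threshold` distinct receipt ids.
    A legitimate payer normally views only their own receipts, so a session
    walking through sequential ids is the signal worth alerting on."""
    seen = defaultdict(set)
    for line in log_text.strip().splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split())
        seen[fields["sess"]].add(int(fields["id"]))
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)

if __name__ == "__main__":
    print(get_receipt_vulnerable(1002))          # bob's record, no auth needed
    print(get_receipt_hardened(1002, "alice"))   # None: not alice's receipt
    print(enumerating_sessions(LOG))             # ['A']
```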

The OilRig APT group continues to target Middle Eastern governments and businesses using an updated version of the BONDUPDATER Trojan, which is delivered via spear phishing emails carrying a macro-laden Microsoft Word document. BONDUPDATER provides basic backdoor capabilities, such as uploading and downloading files and executing commands, and it uses TXT records within its DNS tunnelling protocol to communicate with the command and control server. The OilRig APT group appears to be very resourceful, drawing on a wide range of methods and tools to compromise targets. It was reported in early September that OilRig was using a new variant of the OopsIE Trojan against government entities in the Middle East.


Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883