Atlas Prime
New Around Here
Hello SNB,
I'll try to keep this brief.
I was hacked and believe threat actors dropped an APT. Notepad had been hijacked, perhaps via a modified .dll. I discovered the breach when Notepad had been left open with files open that I hadn't created. One file was a string of Korean (or another Asian language) text that was actively being modified as I watched (new characters being added). Another file was a list of all of my crypto transactions.
Needless to say, AV software was useless. Logs indicated new folder creation attempts in protected exe that were being spammed and blocked, detected MitM, and other entries. Entire system compromised from router to endpoints.
Used diskpart clean all.
Fresh OS install.
Persistent dir/files upon examination.
Shutdown and unplug entire system.
Got a "new" router.
Got a new phone.
Set up router and hardened it.
Purchased Parted Magic and burned the ISO to a flash drive using EtchDroid.
Booted pc using flash drive.
Secure erase fails (perhaps due to TPM or Secure Boot? Didn't evaluate; decided to use nwipe).
nwipe reports success.
After nwipe, noticed the puid tool showing NBDs. Also, I thought nwipe would remove partitions.
I'm not familiar with NBDs, but I researched them and, to my understanding, they are used in distributed storage and basically give remote access.
I'm not sure how to proceed in securing this pc.
If anyone could advise it would be appreciated.
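Added example, not part of the original post and not code from the Parted Magic or nwipe projects: a small POSIX sh check for the two things the post asks about after a wipe. nwipe overwrites the whole device including the partition table, so a wiped disk should show no partitions; and the /dev/nbd0.. entries a live Linux creates when the nbd kernel module is loaded report a size of 0 until one is actually connected to an export, so a non-zero nbd size is what would indicate remote block storage in use. The script reads the raw output of util-linux `lsblk -b -r -n -o NAME,TYPE,SIZE` (assumed to be present); the two samples and their device names and sizes are constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): audit the block-device layout
# that a live environment such as Parted Magic reports after a wipe.
#
# Checks:
#   1. leftover partitions: nwipe overwrites the whole device, including the
#      partition table, so a wiped disk should show no "part" entries;
#   2. nbd devices: loading the nbd kernel module creates /dev/nbd0.. with a
#      size of 0; only an nbd device that is connected to an export reports a
#      non-zero size.
#
# Input is the raw, header-less output of (assumed util-linux lsblk)
#     lsblk -b -r -n -o NAME,TYPE,SIZE
# i.e. one "NAME TYPE SIZE_IN_BYTES" line per device.

audit_lsblk() {
    # $1: lsblk text as described above
    # Prints one finding per line; returns 1 if anything was found, 0 if clean.
    findings=$(printf '%s\n' "$1" | awk '
        $2 == "part" {
            print "partition still present: " $1 " (" $3 " bytes)"
        }
        $1 ~ /^nbd[0-9]+$/ && $2 == "disk" && $3 + 0 > 0 {
            print "nbd device is connected to an export: " $1 " (" $3 " bytes)"
        }
    ')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample 1: a fully wiped SATA disk with the nbd module loaded
# but nothing connected. Expected: clean.
SAMPLE_WIPED='sda disk 500107862016
nbd0 disk 0
nbd1 disk 0'

# Constructed sample 2: a stale partition entry plus a connected nbd device.
# Expected: two findings (sda1 and nbd0).
SAMPLE_SUSPECT='sda disk 500107862016
sda1 part 104857600
nbd0 disk 1073741824
nbd1 disk 0'

if audit_lsblk "$SAMPLE_WIPED"; then
    echo "sample 1: clean"
fi
if audit_lsblk "$SAMPLE_SUSPECT"; then
    echo "sample 2: clean"
else
    echo "sample 2: needs attention"
fi

# Real use from the live environment:
#   audit_lsblk "$(lsblk -b -r -n -o NAME,TYPE,SIZE)"
```

Two caveats when running this on the real machine: the kernel can keep the old partition table cached after the sectors holding it have been overwritten, so run `blockdev --rereadpt /dev/sdX` or reboot the live medium before trusting the partition listing; and ATA secure erase usually fails in a live environment because the firmware leaves the drive in the SECURITY FROZEN state (`hdparm -I /dev/sdX` shows "frozen"), which a suspend/resume cycle commonly clears, rather than because of TPM or Secure Boot.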