Google search results for Kingsoft Windows and FallSetup add-ons show the company’s logo, but nothing about the credit card details stored by the software.
Beyond business deals with Russian organizations, another of the companies targeted by the Kremlin in a massive cyber attack may well be a part of that business.
Kingsoft’s fall setup and Windows shortcuts – used to create a new Windows shell program – are used to access to information stored on the BHHL3521X server. In this case, this would include:
i. The company and products link
ii. The server IP address
iii. The last known “connection”
iv. All data on the IP
a. All URLs on the server that came from the server
b. The last known IP of the file or IP
c. All IP addresses connected to the server
d. The active connection history
Google’s search engine web page for Kingsoft Windows doesn’t include links to the origin of files on the server, although all search results remain together at the bottom of the page and don’t lead anywhere else.
Other websites associated with the same address include .com, .net, .org, .biz, .co, .io, .mba, .co2 and .com.jp domains.
After launching its ransomware attack last year, the Kremlin continues to dump data related to the attacks on fake sites designed to avoid detection by security and internet traffic scanners.
As of February 2017, some 80 percent of the legitimate websites used by the Russian government to cover up the cyber attack were no longer active, according to a report in The Intercept.
The Internet Research Agency (IRA), whose alleged owners Vladimir Putin’s allies sought to influence the 2016 U.S. presidential election, has been mentioned in numerous indictments by U.S. Special Counsel Robert Mueller.
The firm managed fake media sites that distributed fake news stories and images – many of which looked like actual news sites – to sway U.S. public opinion and election voters.
In the instance of Russian hacking, the links would have to come from the Russian government, Russian-based St Petersburg (Russia) Radio (NRK) journalist Robert Rizzo noted in a Dec. 14 article on Dec. 14.