Hacking Team is a secretive Milan-based firm which specializes in the sale of surveillance tools, malware and exploits to governments, law enforcement and private firms worldwide. The firm hit news headlines after it was hacked and much of 450GB data stolen from its servers was leaked online by the hackers. Rook has released a tool called “Milano utility” which scans systems for the presence of files associated with the recent Hacking Team breach. This free tool looks for files through either a quick or deep system scan. In the tool’s first form, a total of 93 Windows binaries have been analyzed, and 40 files have been highlighted as likely to be used for malicious use. Rook has said that additional files will be added as the 400GB cache scrutiny continues. “These files have been analyzed by Rook Security, and have been deemed to have the highest likelihood of malicious use,” the researchers said. “These files have been analyzed using dynamic, static, and manual analysis. We also compared these files against VirusTotal, Kaspersky Whitelisting, and PaloAlto Firewalls Wildfire. Hosts containing any of the files found in this list should be considered compromised.” The hacked firm, Hacking Team offers lawful interception tools to anyone who can buy them including law enforcement and intelligence agencies around the world. On July 5, attackers leaked hundreds of gigabytes of sensitive information allegedly obtained from Hacking Team’s systems, including a torrent file containing 400GB of internal documents, source code, zero-day exploits, and email communications including detailed customer information. Facebook has also released its Osquery tool to detect and combat an OS X-based backdoor exploit used by Hacking Team which we reported yesterday. A beta release of the Milano Hacking Team Malware Detection Utility, along with a list of the indicators of compromise (IOCs) for the Hacking Team breach are online here.
