hacker rank opentext engineering hiring test(Software Engineer)

Introduction：

1、Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

2、Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide

Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite ♂

　　Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2).

　　"The information stealer was delivered via a phishing email, masquerading as an invitation letter from the Indian Air Force," EclecticIQ researcher Arda Büyükkaya said in a report published today.

　　"The attacker utilized Slack channels as exfiltration points to upload confidential internal documents, private email messages, and cached web browser data after the malware's execution."

　　The campaign, observed by the Dutch cybersecurity firm beginning March 7, 2024, has been codenamed Operation FlightNight in reference to the Slack channels operated by the adversary.

　　Targets of the malicious activity span multiple government entities in India, counting those related to electronic communications, IT governance, and national defense.

　　The threat actor is said to have successfully compromised private energy companies, harvesting financial documents, personal details of employees, details about drilling activities in oil and gas. In all, about 8.81 GB of data has been exfiltrated over the course of the campaign.

　　The attack chain starts with a phishing message containing an ISO file ("invite.iso"), which, in turn, contains a Windows shortcut (LNK) that triggers the execution of a hidden binary ("scholar.exe") present within the mounted optical disk image.

　　Simultaneously, a lure PDF file that purports to be an invitation letter from the Indian Air Force is displayed to the victim while the malware clandestinely harvests documents and cached web browser data and transmits them to an actor-controlled Slack channel named FlightNight.

　　The malware is an altered version of HackBrowserData that goes beyond its browser data theft features to incorporate capabilities to siphon documents (Microsoft Office, PDFs, and SQL database files), communicate over Slack, and better evade detection using obfuscation techniques.

　　It's suspected that the threat actor stole the decoy PDF during a previous intrusion, with behavioral similarities traced back to a phishing campaign targeting the Indian Air Force with a Go-based stealer called GoStealer.

　　Details of the activity were disclosed by an Indian security researcher who goes by the alias xelemental (@ElementalX2) in mid-January 2024.

　　The GoStealer infection sequence is virtually identical to that of FlightNight, employing procurement-themed lures ("SU-30 Aircraft Procurement.iso") to display a decoy file while the stealer payload is deployed to exfiltrate information of interest over Slack.

　　By adapting freely available offensive tools and repurposing legitimate infrastructure such as Slack that's prevalent in enterprise environments, it allows threat actors to reduce time and development costs, as well as easily fly under the radar.

　　The efficiency benefits also mean that it's that much easier to launch a targeted attack, even allowing less-skilled and aspiring cybercriminals to spring into action and inflict significant damage to organizations.

　　"Operation FlightNight and the GoStealer campaign highlight a simple yet effective approach by threat actors to use open-source tools for cyber espionage," Büyükkaya said.

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide ♂

　　A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.

　　Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years.

　　Hack-for-hire services do not operate as a state-sponsored group but likely as a hack-for-hire company that conducts commercial cyberespionage against given targets on behalf of private investigators and their clients.

　　According to the latest report published by the University of Toronto's Citizen Lab, BellTroX—dubbed 'Dark Basin' as a hacking group—targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights defenders.

　　"Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy," the report reads.

　　Citizen Lab started its investigation into the 'Dark Basin' group in 2017 after it was contacted by a journalist targeted with phishing pages that were served via the self-hosted open-source Phurl URL shortener.

　　Researchers found that attackers used the same URL shortener to disguise at least 27,591 other phishing links containing the targets' email addresses.

　　"Because the shorteners created URLs with sequential shortcodes, we were able to enumerate them and identify almost 28,000 additional URLs containing email addresses of targets."

　　Initially suspected to be state-sponsored, the hacking group was later identified as a hack-for-hire scheme, given the variety of targets.

　　Interestingly, Sumit Gupta, the owner of BellTroX company, was once indicted in California in 2015 for his role in a similar hack-for-hire scheme, along with two private investigators who admitted to paying him to hack the accounts of marketing executives.

　　"Dark Basin left copies of their phishing kit source code available openly online, as well as log files" that "recorded every interaction with the credential phishing website, including testing activity carried out by Dark Basin operators," Citizen Lab said.

　　"We were able to identify several BellTroX employees whose activities overlapped with Dark Basin because they used personal documents, including a CV, as bait content when testing their URL shorteners."

　　"They also made social media posts describing and taking credit for attack techniques containing screenshots of links to Dark Basin infrastructure."

　　Citizen Lab notified hundreds of individuals and institutions targeted by BellTroX and shared their findings with the United States Department of Justice (DOJ) on the request of several targets.

　　"Dark Basin has a remarkable portfolio of targets, from senior government officials and candidates in multiple countries to financial services firms such as hedge funds and banks to pharmaceutical companies."

　　"Many of Dark Basin's targets have a strong but unconfirmed sense that the targeting is linked to a dispute or conflict with a particular party whom they know."

Related questions

It seems you are looking for information about a specific hiring test for OpenText engineering roles on HackerRank. Generally, such tests are aimed at assessing candidates' technical skills, problem-solving abilities, and coding proficiency. Here are some common elements you might expect in a coding test for software engineering roles:

1. Coding Challenges: You may encounter questions that require you to write code to solve specific problems. These could involve algorithms, data structures, or systems design.

2. Multiple Choice Questions: Some tests include a section with multiple-choice questions to assess your theoretical knowledge of programming concepts, algorithms, and systems.

3. Real-World Scenarios: You might be presented with scenarios that mimic real-world problems an engineer at OpenText might face.

4. Language Proficiency: Depending on the role, you might be tested in specific programming languages (e.g., Python, Java, C++, etc.).

5. Time Constraints: Typically, these tests have a time limit, so it's important to manage your time effectively and prioritize solving problems you feel most confident about.

6. Debugging Tasks: You might be asked to find and fix bugs in given code snippets.

Preparation Tips:

• Review Data Structures: Understand key structures like arrays, linked lists, trees, and graphs.
• Practice Algorithms: Focus on sorting, searching, dynamic programming, and recursion.
• Use HackerRank: Familiarize yourself with the HackerRank platform, as they have a variety of practice problems.
• Mock Interviews: Consider doing mock interviews to practice under pressure.

Resources:

• LeetCode and CodeSignal: Other platforms where you can practice coding problems.
• Books: "Cracking the Coding Interview" is a popular resource for interview preparation.

If you're targeting a specific role at OpenText, it may also help to research the company’s technology stack and focus areas, as this knowledge may give you an advantage during the assessment. Good luck!