Mounting evidence points to North Korean group for global ransomware attack

In the aftermath of a global ransomware attack, which impacted more than 300,000 computers in over 150 countries, a small, select group of security researchers announced they had found evidence suggesting a group previously linked to the North Korean government was likely behind the international cyber incident. Their theory gained newfound credibility Monday when U.S. cybersecurity firm Symantec said it too had discovered “strong links” between WannaCry ransomware and the so-called Lazarus Group. Researchers originally came across WannaCry in February, when it was first found on a Symantec client’s network — a full three months prior to the global outbreak. By obtaining an early sample, analysts were able to comprehensively study and identify individual components within the malware, some of which shared similarities with hacking tools used in late 2014 against Sony Pictures. The attacks against Sony Pictures have been widely attributed to hackers linked to North Korea by both […]

The post Mounting evidence points to North Korean group for global ransomware attack appeared first on Cyberscoop.

Ransomware aimed at South Korea in early 2017 may be work of North Korea, firm says

North Korean hackers may have sent phishing emails to South Korean organizations in late 2016 and early 2017 that carried ransomware, according to private sector intelligence firm Intel 471. Intel 471 obtained information about several samples related to this peculiar phishing email campaign, which in one case targeted a South Korean political organization earlier this year. “The sender was fluent in Korean and had a good familiarity with Korean culture,” said Intel 471 CEO Mark Arena, a former chief researcher with FireEye’s intelligence collection group iSight Partners. “The email included a fake Microsoft Word .doc file that when run, dropped ransomware and a likely Chinese originated trojan that could perform distributed denial of service attacks.” Oddly, although the phishing emails clearly targeted specific South Korean organizations, the ransomware itself was not capable of encrypting the most popular file type in Korea, .hwp (Hanword). It’s not clear why the attackers sent what […]

Lawmakers introduce bill to shine spotlight on government hacking stockpile

A bipartisan bill introduced in Congress Wednesday aims to add transparency to a controversial oversight framework currently used by federal agencies, known as the Vulnerabilities Equities Process. The legislation, as it’s currently written, would help better define exactly when and if the U.S. government should notify a company about flawed computer code the government discovers in one of that company’s products. Named the Protecting Our Ability to Counter Hacking Act, or PATCH Act, the bill seeks to codify the VEP into law, answering some of the tough questions that surround the current framework, including who sits on the multi-agency review board responsible for decisions and when public disclosure is appropriate. In addition, the PATCH Act offers brief decision-making criteria and broadly describes certain considerations that must be weighed by board members, including the Secretary of Commerce and the Director of National Intelligence. Sens. Brian Schatz, D-Hawaii, Ron Johnson, R-Wis., and Cory […]

The CIA is running internal ‘Shark Tank’-like pitch competitions, CIO says

The Central Intelligence Agency is using pitch competitions similar to the TV show “Shark Tank” to spur the development of cutting-edge intelligence-gathering technologies, the agency’s chief information officer, John Edwards, said Wednesday at a tech conference. “We have run three Shark Tanks, you know like the TV show,” said Edwards during VMware’s Public Sector Innovation Summit. “The last one we had 21 submissions. These guys get pretty creative, some dress up as different characters and present and it’s a lot of fun.” Edwards told CyberScoop that each informal competition typically gathers in-house CIA developers and other officials to pitch their ideas to senior agency personnel from both Edwards’ office and the Directorate of Digital Innovation, or DDI — a newly created division within the spy agency focused on the development of offensive and defensive cyber capabilities. The winning idea or pitch from each competition is considered for potential […]

WannaCry hit U.S. Army machine, marking first federal government infection

WannaCry ransomware infected a machine tied to an IP address associated with the Army Research Laboratory, CyberScoop has learned. The information, found on a list of affected IP addresses provided by a security vendor, would mark the first time the ransomware was found on a federal government computer. The security vendor, which provided the data on condition of anonymity to discuss sensitive material, observed communications from the victim IP address to the attackers’ known command and control server on May 12, confirming that the ransomware infection involving the ARL was in fact successful. The IP address is tied to a block parked at a host located at Fort Huachuca, Arizona. The type of machine the IP address is attached to is unknown. While ARL is based in Adelphi, Maryland, the laboratory has multiple outposts, including stations at Fort Huachuca. The Arizona base is also home to the Army’s Network Enterprise Technology Command […]

Shadow Brokers return to taunt U.S. government after ransomware spread

A mysterious group known for publishing highly classified computer code developed by the National Security Agency returned to the limelight Tuesday with a cryptic message concerning the future release of other government hacking tools and secretive information, including “network data from Russian, Chinese, Iranian, and North Korean nuclear missile programs.” “TheShadowBrokers is having many more where coming from?” reads a lengthy message posted Tuesday morning by the peculiar group, which claims to own “75% of U.S. cyber arsenal.” The message also cites the Equation Group, which has been observed operating in the wild by cybersecurity firm Kaspersky Lab and is believed to be associated with an elite hacking unit within the NSA. “This is theshadowbrokers way of telling theequationgroup ‘all your bases are belong to us.’ TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always being about theshadowbrokers vs theequationgroup.” Since the Shadow Brokers posted their first message to […]

This hacking group with suspected ties to the Vietnamese government is wreaking havoc

A hacking group with suspected ties to the Vietnamese government, known as APT32 or OceanLotus, has been actively conducting cyber espionage missions against valuable corporations, foreign governments, dissidents and domestic journalists since at least 2014, according to new research conducted by cybersecurity firm FireEye. “We have known them to target governments and citizens, but the targeting of global corporations — and the pace at which APT32 adapted — was unexpected,” said FireEye analyst Nick Carr. “Frankly, their capabilities surprised us.” FireEye was able to confirm that at least 12 private sector organizations were targeted by APT32, which is known to send well-crafted phishing emails with booby-trapped Microsoft Word attachments. Most of the assets initially compromised are geographically located in Southeast Asia, Carr said. The findings underscore how developing nations are increasingly investing resources to cultivate their own hacking capabilities to collect intelligence on both economic and political targets. By leveraging […]

Russian hackers targeted Obama’s aides as early as 2007, and attempts continue, report says

Russia’s preeminent cyber-espionage group, known as APT28 or Fancy Bear, heavily targeted Barack Obama’s staff during the 2008 campaign, according to newly published research by U.S.-based cybersecurity firm Area 1 Security. The former president’s closest allies — including campaign staff, top aides and other senior U.S. officials — began receiving a barrage of phishing emails from Russian spies as far back as 2007, when he was still a U.S. senator. Some Obama associates continue to be targeted, Area 1 said. Ex-officials are still being sent phishing emails even though they left government years ago, a trend that shows the attackers’ persistence in trying to compromise assets. A blog post published Friday afternoon by Area 1 shows that associated phishing emails commonly employed subject lines like “just FYI,” “RFI,” “eFax,” or “Elections.” Several corresponding attachments were titled as “harvard-iop-fall-2016-poll[.]doc” and “37486-the-shocking-truth-about-election-rigging-in-america[.]rtf[.]lnk.” The evidence uncovered by Area 1, a firm founded by National Security Agency veterans, offers […]

Rudy Giuliani is helping draw up cyber doctrine, DNI says, but details are scarce

Donald Trump confidant and former New York City Mayor Rudy Giuliani is one of the leading voices in designing a “cyber doctrine” for the U.S., according to the Director of National Intelligence Dan Coats, but there is little information about how that process is going. The long-awaited doctrine — a broadly defined framework that lawmakers hope will one day serve to define the nation’s boundaries in cyberspace and rules of engagement — has been a consistent albeit vague talking point on Capitol Hill for the last year. Senior Republicans — including Senate Armed Services Committee Chairman John McCain of Arizona — have called on colleagues and the executive branch to develop policy that establishes a clear “red line” for when the U.S. will aggressively respond to specific cyber incidents. At a Senate Intelligence Committee hearing Thursday concerning “worldwide threats” — a conversation that included an overview of cyber conflicts between the […]

Russia-linked hackers impersonate NATO in attempt to hack Romanian government

An elite hacking group linked to the Russian government masqueraded as a NATO representative to send a barrage of phishing emails to diplomatic organizations in Europe, including Romania’s Foreign Ministry of Affairs, documents show. CyberScoop obtained a copy of one such phishing email that researchers have attributed to the hacking group, which is known as APT28 or Fancy Bear. The email, which carries a booby-trapped attachment that leverages two recently disclosed Microsoft Word vulnerabilities, shows that the government-backed hacking group effectively spoofed a NATO email address to make the message appear authentic. The hq.nato.intl domain is currently used by NATO employees. The file has already been submitted to VirusTotal, a publicly maintained library of computer viruses. Typically, files don’t appear on the site unless they have been found in the wild. An analyst from cybersecurity firm FireEye confirmed the phishing email pictured above is in fact authentic and related to APT28 activity. […]
