Chinese hackers posed as Iranians to breach Israeli targets, FireEye says

Suspected Chinese spies masqueraded as Iranian hackers in a two-year campaign to break into government and telecommunication networks in Israel, security firm FireEye said Tuesday. The alleged Chinese intruders used a hacking tool previously associated with Iranian operatives, and embedded some of their malicious code with Farsi, the predominant language in Iran. It was part of a broader campaign to gather intelligence at organizations in other Middle East and Central Asian countries that has continued this year, according to FireEye. The findings show how spies plant digital evidence in an effort to throw off investigators in the high-stakes world of espionage. The revelations come amid a period of heightened scrutiny of Chinese cyber activity: The U.S. and its European allies in July condemned China’s alleged exploitation of Microsoft software and said that it enabled ransomware attacks. John Hultquist, vice president of threat intelligence at Mandiant FireEye, said the targeting at […]

The post Chinese hackers posed as Iranians to breach Israeli targets, FireEye says appeared first on CyberScoop.


NSA watchdog to review agency’s actions following Tucker Carlson spying allegations

The National Security Agency’s inspector general said Tuesday that it would conduct a review related to allegations that the agency had improperly surveilled Fox News host Tucker Carlson — allegations the agency has denied. The review will look at NSA’s compliance with legal authorities and procedures related to data collection and analysis, including so-called “unmasking” procedures, in which U.S. officials can request the identity of an American citizen cited in an intelligence document. The probe will cover whether any actions taken by the NSA “were based upon improper considerations,” Inspector General Robert Storch said in a statement. Carlson in June accused the NSA of surveilling him in a bid to “take this show off the air.” The NSA, whose mission is to collect foreign intelligence, flatly denied the allegation in a June 29 statement. “Tucker Carlson has never been an intelligence target of the agency and the NSA has […]

The post NSA watchdog to review agency’s actions following Tucker Carlson spying allegations appeared first on CyberScoop.


US agencies circulate warning about ‘aggressive’ Chinese hacking effort to steal secrets from a range of targets

Chinese government-backed hackers’ rampant appetite for intellectual property represents a “major threat to U.S. and allied cyberspace assets,” according to a U.S. government assessment obtained by CyberScoop. The analysis from the National Security Agency, FBI and Department of Homeland Security’s cyber agency warns that Beijing-linked hackers are still “aggressively” targeting U.S. and allied defense and semiconductor firms, medical institutions and universities to steal sensitive corporate data and personally identifiable information. The advisory is a reminder that, despite the Biden administration’s heightened attention on ransomware gangs based in Russia, Chinese state-backed hacking remains a formidable threat to U.S. interests. The document is scheduled to be released publicly in the coming weeks, perhaps as soon as Monday. “NSA, [the Cybersecurity and Infrastructure Security Agency], and FBI have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and [critical infrastructure] personnel and organizations,” says the advisory. “These cyber operations […]

The post US agencies circulate warning about ‘aggressive’ Chinese hacking effort to steal secrets from a range of targets appeared first on CyberScoop.


After Gaza ceasefire, MoleRATs hacking group continues to target Middle Eastern governments

Days after Israel and Gaza-based militant group Hamas agreed to a ceasefire in May, Arabic-speaking hackers resumed an effort to break into government networks in the Middle East, according to research published Thursday. The hacking group, known as MoleRATs, sent target organizations a malware-laced PDF claiming to be a report on Hamas members meeting with the Syrian government, security firm Proofpoint said. The malicious code is able to access files and take screenshots on a victim’s computer in furtherance of a spying campaign. It’s an example of how, alongside the violence that has long marked the Israel-Palestine conflict, there are often much subtler efforts by digital spies to access networks. It’s unclear what caused the hacking group to take a two-month break starting in March, or why it resumed activity in early June. Proofpoint analysts speculated that either the Muslim holy month of Ramadan or the latest Israel-Hamas conflict, which […]

The post After Gaza ceasefire, MoleRATs hacking group continues to target Middle Eastern governments appeared first on CyberScoop.


Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites

A hacker doesn’t appear to be happy with the amount of digital piracy out there. A wave of malicious software downloads from October 2020 to January 2021 blocked users from visiting websites that host pirated versions of video games, Microsoft Office and other programs, analysts at antivirus firm Sophos said Thursday. One malware strain borrowed name recognition from The Pirate Bay, a notorious portal that directs users to copyrighted material while also serving up malicious software and nefarious advertisements. The vigilante disguised their malicious code as pirated software on Discord, a popular chat service, and on file-sharing service BitTorrent, Sophos said in a blog post. But instead of getting a bootlegged version of a video game like Minecraft, targets of the campaign downloaded malicious code that prevented their machines from visiting websites for pirated software. In some cases, the attacker made the malicious code appear as if it came from […]

The post Vigilante hacking campaign blocks victims from visiting The Pirate Bay, other piracy sites appeared first on CyberScoop.


Biden says he gave Putin list of 16 sectors that should be off limits to hacking

President Joe Biden said he gave Russian President Vladimir Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be the subject of malicious cyber activity during a meeting between the two men in Geneva on Wednesday. The two heads of state also agreed to task cybersecurity experts from each government “to work on specific understandings about what’s off limits and to follow up on specific [cyber incidents] that originate in either of our countries,” Biden said at a press conference after a roughly four-hour meeting with Putin. “I talked about the proposition that certain critical infrastructure should be off limits to attack, period, by cyber or any other means,” Biden said. It was not immediately clear if the list of critical infrastructure sectors that Biden referenced corresponds with the 16 sectors designated by the U.S. government. A White House spokesperson did not immediately respond to […]

The post Biden says he gave Putin list of 16 sectors that should be off limits to hacking appeared first on CyberScoop.


Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents

For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday. Researchers from Kaspersky and other firms only recently pieced together the activity, showing the limits of the cyber industry’s knowledge of Tehran-linked hacking against those who often bear the brunt of it: Iranian citizens. While Kaspersky researchers did not attribute the hacking to the Iranian government, FireEye, another security firm, said it suspected the hackers were affiliated with Tehran. The findings are consistent with a surveillance dragnet that Iranian authorities have used to jail and beat protesters who challenge the regime. Iranian security services killed 304 people in a 2019 crackdown, according to Amnesty International. The hackers, Kaspersky said, have sent their targets malware-laced images and videos claiming to be from prisoners in Iran. When opened, the malicious documents hijack users’ […]

The post Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents appeared first on CyberScoop.


DOJ didn’t ask for Russia’s help tracking down Colonial Pipeline hackers, senior official says

The U.S. Justice Department did not ask Russian law enforcement for help in tracking down the perpetrators of the Colonial Pipeline ransomware attack because Moscow’s history of harboring cybercriminals essentially makes it a waste of time, according to a senior department official. “I think we’ve reached the stage, today, where there’s very little point in doing so,” said John Demers, the assistant attorney general for national security. “We have made those requests in the past.” The Russian government is “not just tolerating this,” Demers said at CyberTalks, presented by CyberScoop. “They’re actively getting in the way of U.S. law enforcement efforts to combat this type of hacking,” he added, referring to previous Russian efforts to block U.S. requests to extradite accused hackers from other countries. The remarks were pre-recorded on June 3. The Justice Department did not answer follow-up questions about possible Russian cooperation in the weeks since. The Russian […]

The post DOJ didn’t ask for Russia’s help tracking down Colonial Pipeline hackers, senior official says appeared first on CyberScoop.


‘That horse has left the barn’: Secret Service official says ransom payments have fueled hacking sprees

After the multimillion-dollar extortions of Colonial Pipeline and meat processor JBS, a Secret Service official is urging organizations not to pay off hackers and underscoring that more victims need to come forward in order to help U.S. officials get a handle on the problem. “We’re in this boat we’re in now because over the last several years, people have paid the ransom,” Stephen Nix, assistant to the Special Agent in Charge at the U.S. Secret Service, said at CyberTalks, a summit presented by CyberScoop. “This is the monetization of security flaws. That’s what we’re looking at. That horse has left the barn.” Nix asked ransomware victims to tell law enforcement agencies details such as the cryptocurrency wallet, or account, used by the attackers in order to track them down. “I think it’s a very small number of cases we actually hear about,” he added. “If we don’t hear about it, […]

The post ‘That horse has left the barn’: Secret Service official says ransom payments have fueled hacking sprees appeared first on CyberScoop.


Veteran Justice official who oversaw cybercrime cases to step down

The Justice Department official who leads the division that prosecutes state-linked and criminal hackers is resigning by the end of June, a department spokesman said Monday. John Demers will step down after more than three years as assistant attorney general for national security, during which time the department brought multiple charges against alleged Russian and Chinese spies for hacking. Mark Lesko, the acting U.S. attorney for the Eastern District of New York, will likely serve as Demers’ temporary replacement, department spokesman Marc Raimondi said. Demers’ departure, which the Associated Press first reported on, has been expected for months. The White House said last month it would nominate Matt Olsen, a security executive at Uber, to replace Demers. The assistant attorney general for national security is one of the most important cybersecurity-related perches in the U.S. government as the incumbent can wield the full force of the Justice Department to pursue […]

The post Veteran Justice official who oversaw cybercrime cases to step down appeared first on CyberScoop.
