Why, and how, Turla spies keep returning to European government networks

Turla, a group of suspected Russian hackers known for pinpoint espionage operations, has used updated tools to breach the computer network of an unnamed European government organization, according to new research. The research from consulting giant Accenture shows how, despite a large body of public data on Turla techniques, and a warning from Estonian authorities linking the hackers with Russia’s FSB intelligence agency, the group remains adept at infiltrating European government networks. The hacking tools are tailored to the victim organization, which Accenture did not name, and have been used over the last few months to burrow into the internal network and then ping an external server controlled by the attackers. The stealth is typical of Turla, which is known for stalking embassies and foreign affairs ministries in Europe and elsewhere for sensitive data. Turla’s tools are associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and an attack on […]

The post Why, and how, Turla spies keep returning to European government networks appeared first on CyberScoop.

CISA chief rips IG report, touts election security efforts

The head of the U.S. Cybersecurity and Infrastructure Security Agency has slammed a new inspector general report criticizing some of the agency’s election security work, calling the investigation “poorly timed” and its conclusions misleading. The Department of Homeland Security’s inspector general credited CISA for making progress in helping election officials mitigate cyberthreats, but also concluded the agency hadn’t invested enough resources in countering physical threats to election infrastructure. CISA officials say they’ve accounted for those threats in their preparation. Multiple federal agencies, including the FBI, also are working with state officials to guard against cyber and physical threats to the election. “While the OIG [office of the inspector general] recognizes our extensive coordination effort, releasing this report before Election Day fails to account for CISA’s actions throughout the entirety of the actual 2020 election cycle,” CISA Director Chris Krebs said in a statement. “While we can certainly update plans, use […]

The post CISA chief rips IG report, touts election security efforts appeared first on CyberScoop.

As COVID-19 travel restrictions eased, scammers pounced

You can add travel-booking scams to the ways that cybercriminals have adapted to the pandemic-era economy. After slashing prices on the hacking tools sold on underground forums and targeting software used for remote work, crooks have been monitoring the fluctuations in travel restrictions around the world for an opportunity to hawk illicit travel schemes, according to research published Tuesday by the threat intelligence firm Gemini Advisory. The analysts found an uptick in travel-related chatter on over a dozen cybercriminal forums since July, not long after countries in Europe began loosening travel controls. Mentions of travel-related issues on the forums went from roughly 100 per day in early June to more than 600 per day in early September, Gemini Advisory analysts said. “Numerous dark web forum members and Telegram channels have resumed advertising travel services after being dormant during the peak of COVID-19 pandemic,” Gemini Advisory said in a blog post. “One prominent […]

The post As COVID-19 travel restrictions eased, scammers pounced appeared first on CyberScoop.

US Treasury sanctions 5 Iranian organizations for alleged election influence operations

The Treasury Department on Thursday announced sanctions against five Iranian organizations for allegedly trying to influence the U.S. election through disinformation campaigns and other attempts to sow discord. Those sanctioned for the activity included the Islamic Revolutionary Guard Corps, one of its alleged front companies, the IRGC’s Quds Force and media companies allegedly linked to the Quds Force. It’s part of a broader federal effort to push back on foreign influence operations less than two weeks from Election Day. The Iranian media outlets are accused of using English-language articles that amplify “false narratives” to sow divisions among U.S. audiences. “As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the U.S. populace ahead of the presidential election,” Treasury said in a statement, referring to one of the alleged front companies. The Iranian Mission to the United Nations did not immediately respond to […]

The post US Treasury sanctions 5 Iranian organizations for alleged election influence operations appeared first on CyberScoop.

Russia-linked group that breached US state and local IT draws official accusation from feds

It’s no secret that the hacking group often referred to as Energetic Bear or TEMP.Isotope — linked by multiple security firms to Russia — is the prime suspect in a handful of breaches of state and local networks in recent weeks. But now U.S. federal officials are formally blaming the hackers for the activity. It’s part of a broader U.S. effort to more swiftly accuse foreign adversaries of wrongdoing ahead of Election Day while reassuring voters that the election is being protected. In this case, federal officials said the Russian group had used a combination of old and new software vulnerabilities to breach some IT infrastructure used by state and local officials, but that there was no evidence that the “integrity of elections data has been compromised.” “The Russian state-sponsored APT actor has targeted dozens of SLTT [state, local, territorial and tribal] and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of […]

The post Russia-linked group that breached US state and local IT draws official accusation from feds appeared first on CyberScoop.

Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals

China is increasingly tolerant of criminal hackers on its soil if they are willing to hack on behalf of the Chinese government, a senior U.S. Justice Department official has alleged. Recent U.S. indictments of accused Chinese hackers indicate that the country “has become a safe haven for cybercriminals as long as they’re also doing work on behalf of the state,” John Demers, the assistant attorney general for national security, alleged in an interview for CyberTalks, the annual summit produced by Scoop News Group. “That’s very worrisome…because now you’ve got a country that’s giving free rein to criminal hackers.” It’s an accusation that U.S. government officials and security researchers have frequently leveled against Russia, as well. The blend, though, of criminal and state-sponsored activity in China will make it even more difficult for U.S. companies to defend themselves, Demers said. A spokesperson for the Chinese Embassy in Washington, D.C., called the allegations “groundless,” adding: “China is a […]

The post Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals appeared first on CyberScoop.

‘MuddyWater’ spies suspected in attacks against Middle East governments, telecoms

One of the most prolific cyber-espionage groups linked to Iran has used old tricks — and perhaps a new hacking tool — in dozens of attempts to breach government and telecommunications operators in the Middle East in recent months, security researchers said Wednesday. The hacking attempts have hit organizations in Iraq, Kuwait, Turkey and the United Arab Emirates, according to researchers at security provider Symantec. Iran has strategic interests in all of those countries. And the attackers appear to be trying to smuggle key data from the organizations they managed to breach. It’s a reminder that while other hacking teams associated with Tehran have gained notoriety for disruptive, data-wiping attacks against Middle East organizations, the group known as MuddyWater, or Seedworm, has been relentless in its spying efforts. “These actors are extremely focused in what they’re doing,” said Vikram Thakur, technical director at Symantec, a division of semiconductor and software maker Broadcom. “They’re not […]

The post ‘MuddyWater’ spies suspected in attacks against Middle East governments, telecoms appeared first on CyberScoop.

How US security officials are watching for threats ahead of Election Day

FBI Director Christopher Wray once called the 2018 midterm elections a “dress rehearsal for the big show” of protecting the 2020 presidential election from foreign interference. The big show is finally here, and American officials say they are pulling out all the stops to keep it secure. U.S. intelligence, law enforcement and national security agencies have for weeks been in an “enhanced operational posture” to share any election-related threats with state and local officials, said Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The week before Election Day, which is Nov. 3, those security efforts will kick into overdrive. Officials from the Department of Defense, FBI, the Election Assistance Commission, political campaigns and the private sector are scheduled to gather at CISA’s operations center outside of Washington, D.C. The U.S. Postal Service, which is playing an expanded role in this year’s election with the increase in […]

The post How US security officials are watching for threats ahead of Election Day appeared first on CyberScoop.

Industry alert pins state, local government hacking on suspected Russian group

Suspected Russian hackers were behind multiple recent intrusions of U.S. state and local computer networks, according to an industry analysis obtained by CyberScoop. The group responsible is known as TEMP.Isotope, according to a private advisory distributed by Mandiant, the incident response arm of security company FireEye. The alert notes that the same group has also been described as Energetic Bear, which multiple security firms have linked to Russia. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency on Oct. 9 publicized a hacking campaign in which attackers breached some “elections support systems,” or IT infrastructure that state and local officials use for a range of functions. Those systems are not involved in tallying votes, and the advisory from U.S. officials noted that there was no evidence that the “integrity of elections data has been compromised.” The federal advisory did not blame a particular hacking group for the activity, saying only that the campaign was the work of “advanced persistent […]

The post Industry alert pins state, local government hacking on suspected Russian group appeared first on CyberScoop.

Google offers details on Chinese hacking group that targeted Biden campaign

Google on Friday offered new details on tactics used by alleged Chinese government-linked hackers who previously targeted Democratic presidential nominee Joe Biden’s campaign, while warning that multiple state-linked hacking groups continue to show an interest in the U.S. election. The Chinese state-linked group, known as APT31, has been using malicious code hosted on the open-source platform GitHub to upload and download files on networks in targeted attacks, Google said in a blog post. The use of legitimate services, including Dropbox, has made the attacks more difficult to detect. The tech giant did not specify which organizations or industries were targeted in the activity, or even if it affected political campaigns. Google did say it shares its election-related findings with the FBI and political campaigns to help protect them from the threat. “Overall, we’ve seen increased attention on the threats posed by [advanced persistent threats] in the context of the U.S. election,” […]

The post Google offers details on Chinese hacking group that targeted Biden campaign appeared first on CyberScoop.
