Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election

The Department of Defense has sent personnel abroad to hunt for malicious software that adversaries may be using against U.S. voting infrastructure or networks prior to Election Day. Gen. Paul Nakasone announced Tuesday in a Foreign Affairs editorial that Cyber Command personnel would be deployed as part of a plan to allow defensive cyber-operators from the Pentagon to identify malware targeting other countries’ networks and systems. Similar attacks could later be used for attempted intrusions aimed at disrupting American technologies. The announcement coincides with ongoing efforts between Cyber Command, the military’s offensive hacking outfit, and the National Security Agency to monitor threats to the 2020 U.S. presidential election from Russia, China, Iran, and North Korea. It was not immediately clear where the military personnel were deployed. Cyber Command has run multiple so-called Hunt Forward missions in Montenegro, where Russian military hackers have aimed to disrupt the political process, as they did with a hack-and-leak operation against the Democratic National Committee […]

The post Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election appeared first on CyberScoop.

U.S. military researchers may have found a more productive vulnerability discovery process

A study from the U.S. government shows there is proof of a way to be more efficient when looking for flaws in software. Security researchers of all expertise levels do better with an improved, automated analysis that better allocates human resources during investigations, U.S. military researchers from the National Security Agency, Cyber Command, Navy, Air Force, and Army posit in new research published this month. This differs from a common approach taken when researchers are more naturally inclined to zero in on a given piece of software to try to find flaws. “There is a cognitive bias in the hacker community to select a piece of software and invest significant human resources into finding bugs in that software without any prior indication of success,” they write in the paper. This status quo, which the researchers call the “depth-first” approach, places more of a burden on experienced researchers while beginners get […]

The post U.S. military researchers may have found a more productive vulnerability discovery process appeared first on CyberScoop.

List of 2020 election meddlers includes Cuba, Saudi Arabia and North Korea, US intelligence official says

Cuba, Saudi Arabia, and North Korea are working to influence U.S. elections by running information operations, according to the top counterintelligence official in the Trump administration. All three seek to sow discord as Election Day looms, according to Bill Evanina, the Director of the National Counterintelligence and Security Center at the Office of the Director of National Intelligence. He did not specify the nature and duration of the operations. “I believe we’re going to have a lot of things that occur in the next 70 days that are going to impact and influence those issues, from nation-state threat actors, whether it be Iran, China, and obviously Russia. We have other countries getting in the nexus because they think it works,” Evanina said during a U.S. Chamber of Commerce virtual event Wednesday. “They want to be able to provide their optics for discord in the United States … countries like Cuba, and […]

The post List of 2020 election meddlers includes Cuba, Saudi Arabia and North Korea, US intelligence official says appeared first on CyberScoop.

FBI, DHS expose North Korean government malware used in fake job posting campaign

The FBI and DHS’ cybersecurity agency exposed malware Wednesday that North Korean government hackers have been using this year to target defense contractors in the military and energy sectors. The hackers have been targeting contractors with fake job postings from other defense contracting entities to lure them to click through and install the data-gathering implant on their systems, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint Malware Analysis Report (MAR). The attacks leverage a remote access trojan (RAT), which the FBI and the CISA call “BLINDINGCAN,” to gain a foothold into networks and then maintain access for further network exploitation, the FBI and CISA said. The hackers, belonging to a group the U.S. government calls Hidden Cobra, have been using the malicious software in an effort to collect intelligence surrounding key military and energy technologies, the FBI and CISA said. As part of their lures, […]

The post FBI, DHS expose North Korean government malware used in fake job posting campaign appeared first on CyberScoop.

Bolton: Russia, China ‘undoubtedly’ interfering in 2020 U.S. elections

Russia and China are “undoubtedly” working to interfere in the 2020 presidential election in the U.S., Trump’s former national security adviser John Bolton said Tuesday. The comment, which Bolton shared in response to a question from CyberScoop about offensive cyber-operations, came days after the Office of the Director of National Intelligence shared publicly that a whole host of foreign governments, including Russia, China, and Iran, are trying to exert influence over the U.S. presidential election this year. Russia is working to “primarily denigrate former Vice President [Joe] Biden,” while China “prefers” that Trump “does not win reelection,” the U.S. intelligence shows, according to the ODNI. Iran has set its focus on spreading disinformation on social media and seeks to “undermine U.S. democratic institutions, President Trump, and to divide the country,” according to the ODNI. The U.S., however, can and should hit back in cyberspace in an effort to try to […]

The post Bolton: Russia, China ‘undoubtedly’ interfering in 2020 U.S. elections appeared first on CyberScoop.

Final Senate Intel report details remarkable contact between Trump campaign, Russian spies

President Donald Trump’s 2016 campaign manager was closely tied to a person the United States considers a Russian intelligence officer, and may have been involved in the Russian hack-and-leak operation targeting Hillary Clinton’s campaign in 2016, the Senate Intelligence Committee said in a bipartisan report released Tuesday. Paul Manafort, Trump’s campaign manager, hired Konstantin Kilimnik, a Russian national and Ukrainian political operative, years ago to manage his consulting office in Ukraine, and Kilimnik had been working with Manafort since the mid-2000s, according to the Department of Justice. But while Special Counsel Robert Mueller previously said Kilimnik had “ties” to Russian intelligence, the bipartisan report identifies him as a Russian intelligence officer, and alleges that he has a possible connection to the Russian military’s hacking-and-dump scheme targeting Clinton and the Democratic National Committee in 2016. “Kilimnik is a Russian intelligence officer,” states the committee’s fifth report, the final installment of the committee’s investigation into Russian election interference in 2016. “Kilimnik may have been […]

The post Final Senate Intel report details remarkable contact between Trump campaign, Russian spies appeared first on CyberScoop.

Trump administration expands economic restrictions on Huawei

The U.S. Department of Commerce announced Monday it was taking several steps to further restrict Huawei’s ability to acquire electronic components developed using U.S. technology. As part of its actions, the department is adding 38 Huawei affiliates around the world to the U.S. government’s economic black list, which will make it difficult for Huawei to obtain semiconductors — even those produced outside of the U.S. — without a U.S. stamp of approval. The additional restrictions build on earlier limitations the Trump administration issued in May, when it aimed to reduce Huawei’s ability to purchase semiconductors produced with U.S. technologies. The move to expand the list comes as the Trump administration is becoming increasingly successful in its efforts to marshal U.S. allies to block Huawei’s operations in their countries, over concerns the company could work with the Chinese government on government spying objectives. Huawei has denied it spies on customers at the behest of […]

The post Trump administration expands economic restrictions on Huawei appeared first on CyberScoop.

NSA, FBI publicize hacking tool linked to Russian military intelligence

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations. Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report. The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU. While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election. “Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System […]

The post NSA, FBI publicize hacking tool linked to Russian military intelligence appeared first on CyberScoop.

A financially-motivated attack group is getting better at using this banking trojan

Threat actors using a common banking trojan are improving the ways they get it on victims’ systems, according to new research from Juniper Networks’ threat research team. In recent months the operators have been working to evade detection by using password protected attachments and keyword obfuscation in their trojanized documents, according to Juniper Threat Labs. And in the last month, the hackers have gone a step further and begun using a malicious DLL file to run a second-stage attack that ultimately delivers IcedID, a banking trojan, says Juniper security researcher Paul Kimayong. “This time, they also use a DLL for the second-stage downloader, which shows a new maturity level of this threat actor,” Kimayong says in a blog on the matter. IcedID, which IBM X-Force researchers discovered in 2017, has been used in a variety of financially-motivated attacks targeting banks, payment card providers, payroll, and e-commerce sites. The attackers have […]

The post A financially-motivated attack group is getting better at using this banking trojan appeared first on CyberScoop.

North Korean hackers are targeting Israel’s defense sector, Israel Ministry of Defense claims

North Korean government-linked hackers have been targeting the Israeli defense sector with fake job offers, Israel’s Ministry of Defense said Wednesday. The actors, which Israel says were part of Lazarus Group, a hacking outfit the U.S. government has linked to North Korea, sent their phony job offers through LinkedIn. The hackers created fake LinkedIn accounts impersonating CEOs and top officials at multinational companies to run their scam, according to the Ministry of Defense. It’s the latest example of North Korean hackers using fake job offers to zero in on targets of its espionage operations. In 2016 and 2017, North Korean hackers sent spearphishing emails posing as job recruiters in an attempt to break into the computer systems of Lockheed Martin, according to the U.S. Department of Justice. Just last month, Lazarus Group hackers appeared to be sending fake job offers through LinkedIn to gather intelligence, according to McAfee research. Israel’s Ministry of […]

The post North Korean hackers are targeting Israel’s defense sector, Israel Ministry of Defense claims appeared first on CyberScoop.
