These tiny islands are at the heart of an uncovered Chinese phishing campaign

Suspected Chinese hackers are behind a phishing campaign apparently aimed at collecting data about Vietnamese government officials amid an ongoing territorial dispute between the two nations, according to new findings. A hacking group known as Pirate Panda, which has possible ties to the Chinese government, is trying to trick Vietnamese government officials into clicking on malicious Microsoft Excel documents attached to emails purportedly detailing festivities for Vietnamese holidays, according to research the threat intelligence firm Anomali shared with CyberScoop. Targeted individuals appear to be located in Da Nang, Vietnam, near a collection of landmasses in the South China Sea known as the Paracel Islands. The area is one of the most hotly contested regions of the South China Sea, with Beijing claiming ownership of much of the waterway. In recent days, Vietnam has said it does not recognize China’s claims over the islands, while China has said that Vietnamese claims […]

The post These tiny islands are at the heart of an uncovered Chinese phishing campaign appeared first on CyberScoop.

Vietnamese hackers exploited Google Play Store for espionage campaign

Hackers with suspected links to the Vietnamese government have been using the Google Play Store to distribute malicious software for the last four years, according to Kaspersky research published Tuesday. The targeted Android campaign, which Kaspersky dubbed “PhantomLance,” affected roughly 300 devices in nearly a dozen countries, including Vietnam, India, Bangladesh, Indonesia, Iran, Algeria, South Africa, Nepal, Myanmar, and Malaysia, the company said. Researchers say with “medium confidence” that the espionage campaign is connected to a known hacking group, OceanLotus or APT32, previously linked to the Vietnamese government. While the attackers are targeting users in several countries, they appear to be especially focused on users in Vietnam. The effort suggests the hackers are running domestic as well as foreign espionage operations, according to Kaspersky. They have been distributing their malware through applications that promise to help users locate the nearest pub in Vietnam or provide information on nearby churches. In addition to sharing APT32’s interest in victims located in Vietnam, the PhantomLance campaign’s malware, […]

The post Vietnamese hackers exploited Google Play Store for espionage campaign appeared first on CyberScoop.

Facebook: NSO Group used U.S.-based servers in operations against WhatsApp users

Lawyers for WhatsApp’s parent company alleged in documents filed Thursday that NSO Group, the Israeli software surveillance firm accused of spying on over a thousand WhatsApp users, has used U.S.-based servers to launch its attacks. In court documents, Facebook-owned WhatsApp claims NSO Group used a server run by Los Angeles-based hosting provider QuadraNet “more than 700 times during the attack to direct NSO’s malware to WhatsApp user devices in April and May 2019.” Additionally, NSO Group used a remote server hosted by Amazon to target WhatsApp users, WhatsApp software engineer Claudiu Gheorghe said in the filing. The filing is a blow to NSO Group’s claims that its signature product, Pegasus, isn’t capable of running operations in the United States. “That invasion of WhatsApp’s servers and users’ devices constitutes unlawful computer hacking at the heart of the [Computer Fraud and Abuse Act]’s unauthorized-access offense,” WhatsApp claims in the filing. The filing is […]

The post Facebook: NSO Group used U.S.-based servers in operations against WhatsApp users appeared first on CyberScoop.

Hackers have been exploiting two zero-days to break into iPhones and iPads

A zero-day vulnerability in Apple’s Mail application for iOS has been used to target high-profile victims around the world for more than two years, according to ZecOps research published Wednesday. The flaw, which ZecOps uncovered through conducting a routine digital forensics and incident response investigation, is triggered by sending emails that consume a “significant amount” of a device’s memory. From there, hackers could gain access to email accounts via Mail, gaining the ability to leak, modify, or delete emails. If the attackers want to cause additional harm and gain further access to victim devices, it “would require an additional infoleak bug [and] a kernel bug afterwards,” the researchers write in a blog that details their findings. ZecOps assesses with “high confidence” that individuals at a U.S. company in the Fortune 500, managed security service providers from Saudi Arabia and Israel, an executive in Japan, a journalist in Europe, and a […]

The post Hackers have been exploiting two zero-days to break into iPhones and iPads appeared first on CyberScoop.

Vietnamese cyber-espionage has pivoted to Beijing’s coronavirus response

Hackers working on behalf of the Vietnamese government have been targeting Chinese government organizations tasked with managing the country’s response to the coronavirus pandemic, according to FireEye research published Wednesday. The attackers sent spearphishing emails laced with METALJACK malware to employees at China’s Ministry of Emergency Management and the government of Wuhan, where the virus is believed to have originated. Once delivered, the malware is eventually loaded into memory. The hackers, which FireEye suspects to be the group known as OceanLotus or APT32, are just the latest state-backed hacking operation to pivot to targeting the health care sector or coronavirus-related organizations in recent months. Mandiant Threat Intelligence, a subsidiary of FireEye, considers APT32’s campaign to be “part of a global increase in cyber-espionage related to the crisis, carried out by states desperately seeking solutions and nonpublic information” and aimed at collecting more information on […]

The post Vietnamese cyber-espionage has pivoted to Beijing’s coronavirus response appeared first on CyberScoop.

Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers

A bipartisan group of senators sent a letter to both the Department of Defense and the Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers who have been exploiting the coronavirus pandemic. The senators warned that if Gen. Paul Nakasone, the commander of U.S. Cyber Command, and Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), don’t take more action to deter hackers, the U.S. healthcare sector will continue to get pummeled with coronavirus-themed hacking campaigns. “Unless we take forceful action to deny our adversaries success and deter them from further exploiting this crisis, we will be inviting further aggression from them and others,” Sens. Richard Blumenthal, D-Conn.; Tom Cotton, R-Ark.; Mark Warner, D-Va.; David Perdue, R-Ga.; and Edward Markey, D-Mass., write. “The cybersecurity threat to our stretched and stressed medical and public health systems should […]

The post Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers appeared first on CyberScoop.

Hackers are using coronavirus-themed phishing lures to go after DOD networks

Cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes, the Department of Defense Cyber Crime Center (DC3) said Monday in a release. “Even though many supplies, services and leisure activities have slowed down or come to a screeching halt, the one thing that has remained the same — or even gained momentum — is cyber-espionage,” the DC3 said in the announcement. According to DC3’s assessment, those behind the campaign aren’t just targeting defense industrial base companies and their networks — the goal is to break into systems run by the DOD. While cybercriminals and nation-state hackers have been targeting businesses and individuals around the world for months with coronavirus-themed spearphishing and spyware operations, it’s the first time the Pentagon has publicly said its own networks are coming under fire from hackers seeking to exploit the fears surrounding the pandemic. The memo comes via DC3’s information sharing outreach, which offers […]

The post Hackers are using coronavirus-themed phishing lures to go after DOD networks appeared first on CyberScoop.

Coronavirus scientists are big targets for foreign cyber-espionage, FBI says

Nation-state hackers have been running cyber-espionage operations against medical research organizations in the U.S. that are studying the novel coronavirus, according to the FBI. “We have certainly seen reconnaissance activity and some intrusions into some of those institutions, especially those that have publicly identified themselves as working on COVID-19 related research,” the deputy assistant director of the FBI’s cyber division, Tonya Ugoretz, said Thursday while speaking on a virtual panel hosted by the Aspen Institute. Ugoretz did not specify the nature of the intrusions, the timing of the targeting and intrusions, or which entities had been targeted. Ugoretz noted that some of the research labs or hospitals that had been the focus of the foreign intelligence operations in recent weeks include those that have publicly shared that they are working on research related to the coronavirus, such as those entities working on developing vaccines against the virus. Several U.S. drug making titans and startups alike have […]

The post Coronavirus scientists are big targets for foreign cyber-espionage, FBI says appeared first on CyberScoop.

Syrian government surveillance campaign turns to spreading malware in coronavirus apps

A Syrian government-backed hacking campaign has begun to distribute coronavirus-themed applications that are actually spyware, according to new research from mobile security firm Lookout. While some of the malware samples appear to have been created in March, the campaign is part of an espionage effort that has been in operation since at least January 2018, according to Lookout. The campaign appears to target Arabic speakers, Syrians, and those who may be critical of the Syrian government, Lookout Senior Security Intelligence Engineer Kristin Del Rosso told CyberScoop. “This is an ongoing campaign that has used a variety of application titles,” Del Rosso said. “But as with any major political event, economic event, health event — a new crisis gives actors something new to talk about to infect people [with malware].” In the last month alone, hackers tied to the Syrian government have leveraged at least 71 new malicious Android applications using coronavirus […]

The post Syrian government surveillance campaign turns to spreading malware in coronavirus apps appeared first on CyberScoop.

Dutch police orchestrate takedown of 15 DDoS-for-hire services

Dutch law enforcement has shut down 15 DDoS-for-hire services that were used to run cyberattacks aimed at knocking websites and networks offline. Police in the Netherlands did not reveal the names of the DDoS-for-hire booters they stopped, but they did arrest a 19-year-old Dutch man suspected of orchestrating a DDoS attack against two websites that provide information on the coronavirus. The affected websites, MijnOverheid.nl and Overheid.nl, were unavailable for several hours on March 19 after being bombarded with traffic, according to the Dutch police. “We want to protect people and companies and make it increasingly difficult for cyber criminals to carry out a DDoS attack,” the head of the cyber crime team of the Central Netherlands police, Jeroen Niessen, said in a statement on the takedown. Dutch citizens may have found the interruptions to Overheid.nl particularly exasperating because the site is used as a “digital letterbox” […]

The post Dutch police orchestrate takedown of 15 DDoS-for-hire services appeared first on CyberScoop.
