Hackers spearphished U.S. government agency with North Korea-related content last year

In the second half of 2019, a U.S. government agency was targeted by repeated spearphishing attempts that could be from a mysterious group that has evaded attribution for years, according to new research issued Thursday by security firm Palo Alto Networks. The campaign, waged between July and October of 2019, targeted one U.S. government agency, which researchers at Palo Alto Networks’ Unit 42 do not identify, as well as two unnamed foreign nationals who are “professionally affiliated with” North Korea. The contents of the emails, which were sent with malicious files attached, touched on North Korean geopolitical topics, such as the possibility of a dialogue between Washington and Pyongyang or Russian-North Korean trade issues. Unit 42’s report does not say whether the spearphishing campaign was successful. The suspected hacking group — which Unit 42 and researchers from Cisco Talos have detailed in previous research — is known to target entities and individuals “who have interest in, are […]

The post Hackers spearphished U.S. government agency with North Korea-related content last year appeared first on CyberScoop.

The big questions from FTI’s report on the Jeff Bezos hack

A cybersecurity forensics team has concluded with “medium to high confidence” that Saudi Crown Prince Mohammed bin Salman hacked Jeff Bezos’ iPhone X in 2018, but the analysis has not impressed the information security community. The firm, FTI Consulting, may have good reasons to conclude there was unauthorized exfiltration of data from Bezos’ phone after bin Salman sent him a WhatsApp message containing a suspicious video file. But the publicly available information about FTI’s work has left many cybersecurity experts with questions about who really hacked Bezos’ phone and how the attackers did it. The report — published Wednesday by Motherboard after a United Nations statement had summarized its findings — is a rare look into the forensic analysis of a device suspected to be the target of nation-state hacking. And given Bezos’ high profile as the owner of The Washington Post and the founder of Amazon, the case is likely to draw intense scrutiny for the indefinite […]

The post The big questions from FTI’s report on the Jeff Bezos hack appeared first on CyberScoop.

Hack of Jeff Bezos’ phone likely happened through Saudi crown prince, analysts tell U.N.

With “medium to high confidence,” forensic investigators have concluded that Saudi Crown Prince Mohammed bin Salman was directly involved in hacking into Jeff Bezos’ phone in 2018, according to a U.N. report released Wednesday. The hack, which allowed “intrusive surveillance” of Bezos according to the U.N., came after bin Salman and the Amazon founder met at a dinner in April 2018 while the crown prince was touring the U.S. The Guardian first reported the alleged surveillance of Bezos on Tuesday. Following an exchange of WhatsApp messages, bin Salman sent a malicious and encrypted file to Bezos, which led to the exfiltration of large amounts of data, according to the report. The interaction took place months before the murder of Washington Post columnist Jamal Khashoggi in Turkey, which American intelligence has assessed to have been carried out under orders from bin Salman. Bezos also owns the Washington Post. Soon after meeting bin Salman — also known as MBS […]

The post Hack of Jeff Bezos’ phone likely happened through Saudi crown prince, analysts tell U.N. appeared first on CyberScoop.

Secret Service to launch private-sector cybercrime council

The Secret Service has recently hand-picked a small group of private-sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals, CyberScoop has learned. The council, which will be known as the “Cyber Investigations Advisory Board” (CIAB), will aim to “provide Secret Service’s Office of Investigations with outside strategic input for the agency’s investigative mission, including insights on the latest trends in cybercrime, financial crime, technology, and investigative techniques,” according to an internal Secret Service Electronic Crimes Task Force Bulletin. The 16-member federal advisory committee (FAC) will be the first one ever for the investigative unit, which focuses on financial crimes such as counterfeiting, card-skimming and other forms of fraud. Previous FACs all have been established for the Secret Service’s more widely known protection mission, which provides security for U.S. presidents and other dignitaries. Invitations for the FAC were sent earlier this month. Jonah Hill, a senior cyber policy advisor […]

The post Secret Service to launch private-sector cybercrime council appeared first on CyberScoop.

Top Secret documents show Cyber Command’s growing pains in its mission against ISIS

U.S. government documents made public Tuesday show that while a U.S. Cyber Command operation that disrupted ISIS computer networks was largely successful, there were significant shortcomings, including operators having trouble collecting data, interagency deconfliction issues, difficulty vetting targets, and, in at least one case, a close call with the operation being discovered by the adversary. The documents, shared with CyberScoop via George Washington University’s National Security Archive, show how the command has faced significant internal hurdles as Pentagon leadership has pushed Cyber Command to grow into a well-respected force since its creation in 2009. They include briefings on how Cyber Command measured the effectiveness of Operation Glowing Symphony, a mission carried out in 2016 that was meant to isolate and destroy ISIS networks used to spread the terrorist group’s propaganda. The documents show the gaps needed for the U.S. government to scale and expand its offensive cyber missions beyond ISIS to […]

The post Top Secret documents show Cyber Command’s growing pains in its mission against ISIS appeared first on CyberScoop.

Pete Buttigieg’s campaign CISO has resigned

The Chief Information Security Officer for Democratic presidential candidate Pete Buttigieg’s campaign, Mick Baccio, has resigned, CyberScoop has learned. Baccio, who has been with the Buttigieg campaign since last August, told CyberScoop he left because he no longer agreed with the way senior leadership in the campaign was envisioning campaign cybersecurity. “[I left due to] fundamental philosophical differences with the campaign management regarding the architecture and scope of the information security program,” Mick Baccio told CyberScoop. Baccio declined to share details about what exactly led to his resignation. The campaign did not return a request for comment. Baccio’s departure may come as a blow to the campaign’s cybersecurity operations, as concerns about foreign interference in elections mount. Since joining, Baccio has been responsible for maintaining the campaign’s cyber hygiene, use of encrypted chat applications and two-factor authentication, and ultimately making sure the kind of breach that happened at the Democratic […]

The post Pete Buttigieg’s campaign CISO has resigned appeared first on CyberScoop.

The NSA discovered a severe flaw in Microsoft Windows 10

The National Security Agency recently uncovered a severe vulnerability in Microsoft’s Windows operating system, helping the company issue patches and publicly raise awareness instead of using the flaw for its intelligence operations. The flaw, for which Microsoft issued a patch, makes Windows 10 and Windows Server 2016/2019 “fundamentally vulnerable,” according to an NSA advisory. Listed as CVE-2020-0601, the vulnerability occurs because Microsoft Windows CryptoAPI fails to properly validate certificates that use elliptic curve cryptography, which may allow an attacker to spoof the validity of certificate chains. “The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution,” the NSA’s advisory reads. Anne Neuberger, the Director of the NSA’s Cybersecurity Directorate, said on a call Tuesday that the vulnerability caused great concern inside the Department of Defense because it’s fundamental to the trust of critical systems throughout the DOD and the U.S. government. “We […]

The post The NSA discovered a severe flaw in Microsoft Windows 10 appeared first on CyberScoop.

Report: Russian hackers waged broad phishing campaign against company tied to Trump impeachment

Hackers linked to the Russian government have been targeting Burisma, a Ukrainian company tied to the impeachment trial against President Donald Trump, with a wide-ranging phishing campaign, according to California-based anti-phishing firm Area 1 Security. The campaign, which started in November, came as Congress was holding hearings tied to efforts by Trump to have Ukrainian President Volodymyr Zelenskiy investigate Vice President Joe Biden and his son, Hunter Biden, who served on the board of Burisma. The hackers, which Area 1 says work on behalf of Russia’s Main Intelligence Directorate, created fake websites designed to look like legitimate Burisma subsidiary websites and login pages. They then sent Burisma employees emails that looked to be authentic internal company emails with links to illegitimate login pages designed to steal login credentials. The subsidiaries that were mimicked include KUB-Gas LLC, Esko-Pivnich, and CUB Energy Inc., according to the Area 1 report. Although it wasn’t […]

The post Report: Russian hackers waged broad phishing campaign against company tied to Trump impeachment appeared first on CyberScoop.

TrickBot developers have spun up a new backdoor for high-value targets

The people behind the banking trojan TrickBot have expanded the malware’s capability with a new backdoor meant to compromise high-value targets, according to new research from SentinelOne. The update should cause alarm for the financial sector, since it can enable cybercriminals to infect systems undetected with malicious software, and then surreptitiously escalate their attack to pilfer confidential banking information, or launch ransomware attacks, according to SentinelLabs, SentinelOne’s new threat intelligence division. The new backdoor, which SentinelLabs calls “PowerTrick,” is likely launched through the Windows management framework PowerShell, which seems to indicate that the new function has been developed to reach intended victims while avoiding detection. “‘PowerTrick’ is a flexible new tool that allows attackers to augment their access on the fly while still staying undetected, bypassing restrictions and security controls,” Vitali Kremez, who leads research at SentinelLabs, said in a blog post. These findings are the latest addition to a growing body of research that details how scammers […]

The post TrickBot developers have spun up a new backdoor for high-value targets appeared first on CyberScoop.

Kaspersky: North Korean hackers getting more careful, targeted in financial hacks

North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses. And although some of the fake companies and websites rarely pass the smell test — the links on these weaponized websites don’t always work — hackers known as Lazarus Group or APT38 have been getting increasingly careful in other areas, according to new Kaspersky Lab research. Namely, the hacking outfit has been tweaking some of its malware, delivery mechanisms, and payloads in an attempt to decrease their chances of getting caught, according to Kaspersky. In the last two years, multiple researchers have revealed some of Lazarus Group’s latest antics relying on front companies. The hackers have been using a fake company, “JMT Trading,” to install backdoors to funnel funds to Pyongyang, multiple researchers revealed in 2019, for example. The year prior, Kaspersky uncovered that these hackers were using […]

The post Kaspersky: North Korean hackers getting more careful, targeted in financial hacks appeared first on CyberScoop.
