Embassies targeted in ongoing spearphishing campaign that weaponized Microsoft Excel files

Embassies around the world have been targeted in a recent spate of spearphishing email attacks from Russian hackers, according to a new report from researchers at Check Point Technologies. The emails, which the hackers filled with U.S. State Department logos and “Top Secret” labels to trick victims into believing they were legitimate, were actually laced with malicious Microsoft Excel files. The documents were capable of leveraging a trojanized version of remote access software, TeamViewer, to gain control of infected computers. After gaining access and control, the hackers’ code allowed them to take screenshots of the victims’ PCs, allowing the hackers to steal victims’ usernames and login credentials. They’ve had access to “everything,” Check Point’s Threat Intelligence Group Manager Lotem Finkelsteen tells CyberScoop. “Databases, personal data, documents, networks, other devices connected. They have full access to the infected device.” The hackers succeeded in gaining full control of many of the computers they targeted, […]

The post Embassies targeted in ongoing spearphishing campaign that weaponized Microsoft Excel files appeared first on CyberScoop.

Mueller report confirms Trump lobbied top intel officials to refute Russia stories

President Donald Trump pushed top intelligence officials to refute information tied to the investigations into links between his 2016 presidential campaign and Russia, according to information publicly released Thursday in Special Counsel Robert Mueller’s report. According to the report, Trump phoned then-NSA Director Adm. Mike Rogers on March 26, 2017 to complain the investigation was “messing up” his ability to get things done with Russia, as far as Rogers recalls. The president also asked Rogers if there was anything he could do to refute news stories linking him to Russia. Richard Ledgett, former NSA deputy director who was reportedly present for the exchange, drafted a memo about the substance of the call. He and Rogers both signed it and locked it in a safe. Ledgett “said it was the most unusual thing he had experienced in 40 years of government service,” the report states. By the time the phone call […]

The post Mueller report confirms Trump lobbied top intel officials to refute Russia stories appeared first on CyberScoop.

Ongoing state-sponsored DNS hijacking campaign has compromised 40 entities

Hackers backed by a nation-state have successfully hijacked Domain Name System records to steal credentials from approximately 40 public and private entities across 13 countries in an attack that’s lasted for about two years, which Cisco’s Talos research team has dubbed “Sea Turtle” in research published Wednesday. The ongoing attack targets intelligence agencies, military organizations, and energy firms, as well as foreign ministries, telecommunications companies, and internet service providers. Cisco’s researchers characterize the attackers as “highly capable” and “unusually brazen,” but don’t go so far as to identify what country may be behind the attack. FireEye has indicated Iran is likely responsible for an attack that appears similar, but which Cisco claims is distinct from this new campaign. DNS hijacking allows hackers to gain credentials from victim entities in order to control the target’s DNS records — without flagging to the victims that they’re under attack. Using the DNS records, attackers are capable of […]

The post Ongoing state-sponsored DNS hijacking campaign has compromised 40 entities appeared first on CyberScoop.

Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign

Government entities in Ukraine, including its military departments, were targeted with a spearphishing email campaign intended to conduct cyber-espionage early this year, according to a new report out Tuesday from FireEye. The malware and infrastructure from the campaign suggest the group behind the attack may have been active as early as 2014, and that it’s linked with the Luhansk People’s Republic, a group that declared independence from Ukraine in 2014 with backing from Russia’s military. This year’s campaign shows the group is becoming increasingly sophisticated with its tactics. For instance, one of the malicious files was disguised as an executable .LNK file, which can leverage legitimate apps, such as Microsoft Windows configuration management framework PowerShell, to download malware. This suggests attackers wanted to go unnoticed, since PowerShell hacks are blended into a trusted process that antivirus software usually doesn’t detect. “It’s really becoming mainstream to a point where a lot […]

The post Quasi-Russian upstart reportedly targeted Ukraine in cyber-espionage campaign appeared first on CyberScoop.
