State-sponsored hackers try to exploit flaw in popular mobile software, UK warns

Suspected state-sponsored hackers and cybercriminals are trying to exploit a five-month-old vulnerability in popular mobile device management software to target a range of U.K. organizations in the local government, health, logistics and legal sectors, the British government warned Monday. Organizations use the affected software to manage mobile devices from a central server, “making them a valuable target for threat actors,” the U.K.’s National Cyber Security Centre (NCSC) said in a security advisory. By breaking into the mobile device management (MDM) software, snoops could selectively steal information from mobile devices communicating with the MDM server. Some of the exploitations have been successful, the NCSC said without elaborating. The NCSC did not name any foreign governments suspected to be behind the activity. It was also unclear what type of health care organizations were targeted. The NCSC did not respond to a request for comment. The advisory is part of a consistent effort by […]

The post State-sponsored hackers try to exploit flaw in popular mobile software, UK warns appeared first on CyberScoop.


More suspected North Korean malware identified after US alert on Kimsuky hackers

Security researchers say they uncovered more tools associated with a North Korea-linked cyber-espionage group that was the subject of a U.S. government alert last week. The previously undocumented malware and server infrastructure appear to be the work of Kimsuky, an advanced persistent threat (APT) group, according to the researchers with Boston-based Cybereason. U.S. military and civilian agencies issued a joint warning about the APT on Oct. 27, saying the current threat was greatest for “commercial sector businesses,” although Kimsuky has often targeted government agencies, think tanks and other organizations connected to geopolitics. Organizations in the U.S., Europe, Japan, South Korea and Russia appear to be the targets, Cybereason says. Kimsuky also has a history of trying to gather intelligence about sanctions, nuclear policy and other issues salient to the Korean Peninsula. A U.N. Security Council report earlier this year said Kimsuky appeared to be behind hacking attempts against the international body. Kimsuky typically […]

The post More suspected North Korean malware identified after US alert on Kimsuky hackers appeared first on CyberScoop.


Hacking group has hit Taiwan’s prized semiconductor industry, Taiwanese firm says

Taiwan’s semiconductor industry, a centerpiece of the global supply chain for smartphones and computing equipment, was the focus of a hacking campaign targeting corporate data over the last two years, Taiwan-based security firm CyCraft Technology claimed Thursday. The hackers went after at least seven vendors in the semiconductor industry in 2018 and 2019, quietly scouring networks for source code and chip-related software, CyCraft said. Analysts say the campaign, which reportedly hit a sprawling campus of computing firms in northwest Taiwan, shows how the tech sector’s most prized data is sought out by well-resourced hacking groups. “They’re choosing the victims very precisely,” C.K. Chen, senior researcher at CyCraft, said of the hackers. “They attack the top vendor in a market segment, and then attack their subsidiaries, their competitors, their partners and their supply chain vendors.” It was unclear which companies were targeted; CyCraft declined to name them. It was also unclear who was responsible for the […]

The post Hacking group has hit Taiwan’s prized semiconductor industry, Taiwanese firm says appeared first on CyberScoop.


Australia blames a state actor for major disruptions. China is already denying it.

Government agencies and private companies in Australia are experiencing a “sophisticated” cyberattack carried out by a nation-state, according to Prime Minister Scott Morrison. In an announcement Friday, Morrison informed the public that “all levels of government” and a number of critical businesses and essential services are dealing with malicious activity that is accelerating in severity after beginning months ago. Specific details about the incident are scarce, and Morrison has declined to name the government behind the attacks, the motive or the exact nature of the incident. There has not been a major compromise of personal data, he said. “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” he said. “There aren’t too many state-based actors who have those capabilities.” Senior government officials told Australia’s ABC News that China is the main suspect in the attack, adding that […]

The post Australia blames a state actor for major disruptions. China is already denying it. appeared first on CyberScoop.


FBI offers US companies more details from investigations of health care hacking

The FBI has provided U.S. companies more information on the extent of recent criminal and foreign government-backed hacking operations against the health care sector and warned of ongoing efforts to steal U.S. research data. Criminal and state actors continue to target U.S. clinical trial data, trade secrets, and the “sensitive data and proprietary research of U.S. universities and research facilities,” the FBI told industry in an advisory this week. “Likely due to the current global public health crisis, the FBI has observed some nation-states shifting cyber resources to collect against the [health care and public health] sector, while criminals are targeting similar entities for financial gain.” The advisory, which CyberScoop obtained, includes multiple examples since February of state-linked hackers trying to compromise and retain access to the networks of organizations in the U.S. health care and public health sector. It is the latest in a series of warnings from U.S. officials about similar […]

The post FBI offers US companies more details from investigations of health care hacking appeared first on CyberScoop.


State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn

Hackers linked with foreign governments continue to target multiple global health care organizations and pharmaceutical companies in a possible bid to gather intelligence or steal research related to the coronavirus pandemic, American and British cybersecurity agencies said Tuesday. The U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC) “are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities,” the agencies said in a joint advisory. They did not point the finger at particular governments. Advanced persistent threat (APT) groups, as state-linked hackers are known, have been scanning public websites of target companies looking for insecure software to exploit, said DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the NCSC. Hackers have also been using a technique called password spraying, which throws common passwords at targets until one of them works, to attack health care organizations in the U.S., […]

The post State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn appeared first on CyberScoop.


U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic

American and British cybersecurity authorities on Wednesday issued a fresh warning that “a growing number of cyber criminals and other malicious groups” are exploiting the coronavirus pandemic, adding to a chorus of public and private-sector advisories intended to blunt COVID-19-related hacking. Criminals have been scanning for vulnerabilities in remote access software as people around the world stay home, while state-linked hackers, known as Advanced Persistent Threats (APTs), are impersonating trusted organizations to further their cyber-operations, U.S. and U.K. officials said. “Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months,” says the advisory from the U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC). Overall levels of cybercrime haven’t increased, the agencies said, but the use of COVID-19-related hacking lures has grown. The NCSC pointed to a text-message-based phishing scam purporting to offer Britons financial relief […]

The post U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic appeared first on CyberScoop.


A Chinese security firm says DarkHotel hackers are behind an espionage campaign, but researchers want more details

A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic, according to a Chinese security firm. An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate “many” Chinese institutions and government agencies, Qihoo 360 said in a report published Monday. In one case, DarkHotel hackers used a previously unknown software vulnerability in the enterprise Sangfor SSL VPN software, then installed malicious software onto victim machines to collect user data. The timing of the attack coincides with instructions from the Chinese government forcing citizens to work from home in order to mitigate COVID-19’s spread. Outside security researchers with experience chasing nation-state hacking groups immediately questioned whether Qihoo 360 could be sure that the DarkHotel group could be behind the campaign. “I’m going to be […]

The post A Chinese security firm says DarkHotel hackers are behind an espionage campaign, but researchers want more details appeared first on CyberScoop.


Kaspersky finds a new APT campaign targeting engineers in the Middle East

A mysterious set of hackers last year began a targeted campaign to breach industrial organizations in the Middle East, antivirus firm Kaspersky said Tuesday. Attackers have sought to breach engineers, particularly in a single, unnamed Middle Eastern country, adding to a long history of cyber operations in the region. They’re relying on a strain of malicious software that’s tailored for espionage, and does not appear to match any code the researchers have seen before. Exactly who is behind the effort remains unclear. The sensitivity of the targets, and the fact that the activity is ongoing, prompted the researchers to go public with their findings. The Moscow-based company labeled the activity an “advanced persistent threat” (APT), a loose term for well-resourced hackers often linked to government interests. Kaspersky designated the hacking campaign “WildPressure.” “Anytime the industrial sector is being targeted, it’s concerning,” said Kaspersky senior security researcher Denis Legezo. There is no indication that hackers have done anything beyond […]

The post Kaspersky finds a new APT campaign targeting engineers in the Middle East appeared first on CyberScoop.


Safeguarding Healthcare for the Future With Zero Trust Security

A Zero Trust security model can help healthcare organizations provision access in a more effective manner by focusing on data, workloads and identity.

The post Safeguarding Healthcare for the Future With Zero Trust Security appeared first on Security Intelligence.
