Russian hackers using stolen corporate email accounts to mask their phishing attempts

Hackers working for Russian military intelligence have long relied on zero-days and malware to target their victims, but in the last year they’ve kept it simple — using previously hacked email accounts to send a wide array of phishing attempts, according to new research from security firm Trend Micro. Since at least May of last year, the group known as Fancy Bear, APT28, or Pawn Storm, has used hacked email accounts belonging to high-profile personnel working at defense firms in the Middle East to carry out the operation, according to Feike Hacquebord, a senior threat researcher at Trend Micro. “The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research. The group, which the U.S. Department of Justice linked with Russia’s Main Intelligence Directorate […]

The post Russian hackers using stolen corporate email accounts to mask their phishing attempts appeared first on CyberScoop.


Austria Repels Foreign State-Sponsored Attempt to Hack Foreign Ministry

Austria’s Foreign Ministry fought off a cyberattack over the weekend that it says was likely directed by a foreign state. The ministry said the attack started on Jan. 4 and might continue for a few more days, but it revealed few further details. …

Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections

The Pentagon once again is sending cyber personnel overseas to gather intelligence to help protect the 2020 presidential elections against foreign interference, the U.S. Embassy in Montenegro announced this week. U.S. European Command and U.S. Cyber Command are deploying an undisclosed number of staffers to Montenegro in order to gain insights into cyber threats from adversaries before both the U.S. and Montenegrin elections next year. It’s the second time in as many years the Department of Defense is going through the effort as part of a partnership that’s uniquely poised to provide insights on possible Russian election interference. Montenegro and the U.S. both have been targeted by the Russian government-linked hacking outfit APT28, or Fancy Bear. If Cyber Command uncovers similar activity again in Montenegro, those insights could inform decisions on how to safeguard the U.S. “Montenegro is among the first in Europe to face unconventional attacks on its democracy and freedom […]

The post Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections appeared first on CyberScoop.


Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics

State-sponsored Russian hackers are targeting anti-doping authorities and other sports-related organizations ahead of the Tokyo Olympics in 2020, Microsoft announced on Monday. The hacking group known as Fancy Bear — or Strontium, APT28 and other names — targeted at least 16 national and international organizations across three continents starting Sept. 16, Tom Burt, Microsoft’s vice president for customer security and trust, said in a blog post. That date roughly coincides with when World Anti-Doping Agency officials told international media outlets that Russia may be banned from all international sporting events over “inconsistencies” at its Moscow testing facility. Microsoft reported Monday that some of the attacks detected in recent weeks were successful, but “the majority were not.” The company did not name any specific victims. The news comes less than a year before the next Summer Games begin in July 2020. The World Anti-Doping Authority long has been a target of interest for Russian hackers. Fancy […]

The post Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics appeared first on CyberScoop.


Microsoft banks on new silicon chips built by Intel, others to fend off firmware attacks

Microsoft is pushing an initiative meant to protect its computers’ most sensitive data amid recent revelations that nation-state hackers are beginning to exploit the fragmented nature of the company’s supply chain. The company on Monday started pushing Secured-core PCs, its term for machines that will come with Windows 10, Microsoft’s latest PC operating system; Windows Hello, which allows users to log in without a password; and, most importantly, silicon microchips built by Intel Corp., Qualcomm and AMD that are meant to more closely guard sensitive data. By ensuring that PCs are loading legitimate Windows operating systems when a device activates, the plan goes, Microsoft will ensure that users aren’t actually loading a malicious OS inserted by an outsider. The effort goes public more than a year after security researchers at ESET caught APT28 — a group of suspected Russian hackers also known as Fancy Bear — testing out malware that launched malicious code on a computer when […]

The post Microsoft banks on new silicon chips built by Intel, others to fend off firmware attacks appeared first on CyberScoop.


Cozy Bear kept moving after 2016 election, ESET says

One of the Kremlin-linked hacking groups that breached the Democratic National Committee in 2016 has remained active in the years that followed, even if it’s been less visible. Cozy Bear, also known as APT29 and the Dukes, began using different malicious software and new hacking techniques after 2016, according to findings published Thursday by the Slovakian security firm ESET. There wasn’t much public evidence of the group’s activity, but researchers say it did not go quiet after interfering in the U.S. presidential election. The hackers targeted U.S. think tanks in 2017, defense contractors in 2018 and three European countries’ ministries of foreign affairs. (The U.S. security firm FireEye suggested in November that Cozy Bear was showing signs of activity.) “Our new research shows that even if an espionage group disappears from public reports for many years, it may not have stopped spying,” ESET said in its report. “The Dukes were able […]

The post Cozy Bear kept moving after 2016 election, ESET says appeared first on CyberScoop.


Why did President Trump mention CrowdStrike to the Ukrainian president?

During a controversial phone call between President Donald Trump and Ukrainian President Volodymyr Zelenskiy in July, Trump asked Zelenskiy for a “favor” to help locate a “server” linked with security company CrowdStrike, according to an unclassified transcript of the call released Wednesday. “I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike … I guess you have one of your wealthy people … The server, they say Ukraine has it,” Trump said, according to the document released by the White House. “I think you’re surrounding yourself with some of the same people. I would like to have the [U.S.] Attorney General [William Barr] call you or your people and I would like you to get to the bottom […]

The post Why did President Trump mention CrowdStrike to the Ukrainian president? appeared first on CyberScoop.
