Collaborate Disseminate
Austria’s Foreign Ministry fought off a cyberattack over the weekend that it says was likely directed by a foreign state. The ministry said the attack started on Jan. 4 and might continue for a few more days, it but revealed few further details. … Continue reading Austria Repels Foreign State-Sponsored Attempt to Hack Foreign Ministry
Threatpost editors discuss this week’s biggest news – from a data breach of Bed Bath & Beyond, a tricky phishing attack and widespread APT activity. Continue reading News Wrap: APTs, Office 365 Voicemail Phish and Bed Bath & Beyond Breach
The Pentagon once again is sending cyber personnel overseas to gather intelligence to help protect the 2020 presidential elections against foreign interference, the U.S. Embassy in Montenegro announced this week. U.S. European Command and U.S. Cyber Command are deploying an undisclosed number of staffers to Montenegro in order to gain insights into cyber threats from adversaries before both the U.S. and Montenegrin elections next year. It’s the second time in as many years the Department of Defense is running going through the effort as part of a partnership that’s uniquely poised to provide insights on possible Russian election interference. Montenegro and the U.S. both have been targeted by the Russian government-linked hacking outfit APT28, or Fancy Bear. If Cyber Command uncovers similar activity again in Montenegro, those insights could inform decisions on how to safeguard the U.S. “Montenegro is among the first in Europe to face unconventional attacks on its democracy and freedom […]
The post Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections appeared first on CyberScoop.
Continue reading Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections
The APT is once again targeting the sports world, Microsoft warns. Continue reading Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom
State-sponsored Russian hackers are targeting anti-doping authorities and other sports-related organizations ahead of the Tokyo Olympics in 2020, Microsoft announced on Monday. The hacking group known as Fancy Bear — or Strontium, APT28 and other names — targeted at least 16 national and international organizations across three continents starting Sept. 16, Tom Burt, Microsoft’s vice president for customer security and trust said in a blog post. That date roughly coincides with when World-Anti Doping Agency officials told international media outlets that Russia may be banned from all international sporting events over “inconsistencies” at its Moscow testing facility. Microsoft reported Monday that some of the attacks detected in recent weeks were successful, but “the majority were not.” The company did not name any specific victims. The news comes less than a year before the next Summer Games begin in July 2020. The World Anti-Doping Authority long has been a target of interest for Russian hackers. Fancy […]
The post Fancy Bear hackers targeted at least 16 athletic organizations ahead of Tokyo Olympics appeared first on CyberScoop.
Microsoft is pushing an initiative meant to protect its computers’ most sensitive data amid recent revelations that nation-state hackers are beginning to exploit the fragmented nature of the company’s supply chain. The company on Monday started pushing Secured-core PCs, its term for machines that will come with Windows 10, Microsoft’s latest PC operating system; Windows Hello, which allows users to log in without a password; and, most importantly, silicon microchips built by Intel Corp., Qualcomm and AMD that are meant to more closely guard sensitive data. By ensuring that PCs are loading legitimate Windows operating systems when a devices activate, the plan goes, Microsoft will ensure that users aren’t actually loading a malicious OS inserted by an outsider. The effort goes public more than a year after security researchers at ESET caught APT28 — a group of suspected Russian hackers also known as Fancy Bear — testing out malware that launched malicious code on a computer when […]
The post Microsoft banks on new silicon chips built by Intel, others to fend off firmware attacks appeared first on CyberScoop.
One of the Kremlin-linked hacking groups that breached the Democratic National Committee in 2016 has remained active in the years that followed, even if it’s been less visible. Cozy Bear, also known as APT29 and the Dukes, began using different malicious software and new hacking techniques after 2016, according to findings published Thursday by the Slovakian security firm ESET. There wasn’t much public evidence of the group’s activity, but researchers say it did not go quiet after interfering in the U.S. presidential election. The hackers targeted U.S. think tanks in 2017, defense contractors in 2018 and three European countries’ ministries of foreign affairs. (The U.S. security firm FireEye suggested in November that Cozy Bear was showing signs of activity.) “Our new research shows that even if an espionage group disappears from public reports for many years, it may not have stopped spying,” ESET said in its report. “The Dukes were able […]
The post Cozy Bear kept moving after 2016 election, ESET says appeared first on CyberScoop.
Continue reading Cozy Bear kept moving after 2016 election, ESET says
During a controversial phone call between President Donald Trump and Ukrainian President Volodymyr Zelenskiy in July, Trump asked Zelensky for a “favor” to help locate a “server” linked with security company CrowdStrike, according to an unclassified transcript of the call released Wednesday. “I would like you to do us a favor though because our country has been through a lot and Ukraine knows a lot about it. I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike … I guess you have one of your wealthy people … The server, they say Ukraine has it,” Trump said, according the document released by the White House. “I think you’re surrounding yourself with some of the same people. I would like to have the [U.S.] Attorney General [William Barr] call you or your people and I would like you to get to the bottom […]
The post Why did President Trump mention CrowdStrike to the Ukrainian president? appeared first on CyberScoop.
Continue reading Why did President Trump mention CrowdStrike to the Ukrainian president?
Researchers warn that the Russia-linked APT has freshened up their tools with an improved downloader and more. Continue reading Zebrocy Retools for New Political Attacks
A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmware in a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments on the hardware level — as part of the open source firmware platform Coreboot. Eugene Myers, who works in the National Security Agency’s Trusted Systems Research Group, told CyberScoop that the end product — known as an SMI Transfer Monitor with protected execution (STM-PE) — will work with x86 processors that run Coreboot. Attackers are increasingly targeting firmware in order to run malicious attacks. Just last year, the first-ever documented UEFI rootkit was deployed in the wild, according […]
The post How an NSA researcher plans to allow everyone to guard against firmware attacks appeared first on CyberScoop.
Continue reading How an NSA researcher plans to allow everyone to guard against firmware attacks