The Attack on Fair Elections Is a Great Marketing Opportunity For Tech Companies

With Donald Trump downplaying and denying Russian attempts to interfere with American elections, companies like Microsoft, Google, and Cloudflare have filled the void as defenders of democracy.

Microsoft: Russians targeted conservative think tanks, U.S. Senate

The Russian intelligence office that breached the Democratic National Committee in 2016 has spoofed websites associated with the U.S. Senate and conservative think tanks in a further attempt to sow discord, according to new research from Microsoft. The tech giant last week executed a court order and shut down six internet domains set up by the Kremlin-linked hacking group known as Fancy Bear or APT 28, Microsoft President Brad Smith said. “We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group,” Smith wrote in a blog post. “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.” The domains were constructed to look like they belonged to the Hudson Institute and International Republican Institute, but were in fact phishing websites […]

The post Microsoft: Russians targeted conservative think tanks, U.S. Senate appeared first on Cyberscoop.


NSA chief confirms he set up task force to counter Russian hackers

The head of the National Security Agency and U.S. Cyber Command confirmed over the weekend that he has set up a task force to counter Russian cyberthreats to the United States. Describing Russia as a “near-peer threat” in cyberspace that has “great capabilities,” Gen. Paul Nakasone said the task force is “in line with what the intelligence community has really been doing since post-2016/2017.” Speaking at a conference in Aspen, Colo., Nakasone didn’t elaborate on the activities or composition of the so-called “Russia Small Group,” but he did allude to the challenges of responding proportionally to foreign cyber operations that do not amount to acts of war. U.S. intelligence agencies concluded in a report in January 2017 that hackers linked with the Russian government meddled in the 2016 U.S. presidential election by breaching multiple political organizations. “What we’ve seen our adversaries do over a period of years is the fact that they operate […]

The post NSA chief confirms he set up task force to counter Russian hackers appeared first on Cyberscoop.


Microsoft reveals first known Russian hacking attempt aimed at 2018 midterms

The same Russian hacking group that breached the Democratic National Committee (DNC) also tried to penetrate the campaigns of several candidates running for the midterm elections, a Microsoft executive revealed for the first time Thursday. The disclosure marks the first known case of a foreign government explicitly targeting the 2018 election. Speaking on an election security panel at the Aspen Security Forum, Tom Burt, vice president for customer security and trust at Microsoft, said there had been three separate attempts to hack 2018 midterm campaigns earlier this year. Microsoft’s security team, which counts both Republican and Democratic campaigns among its clients, detected a series of spear phishing emails sent to midterm candidates. The emails paralleled similar activity from 2016 previously attributed to Russian hacking group “APT28,” also known as “Fancy Bear.” Burt declined to name the campaigns but said: “I can tell you that they were all people who, because […]

The post Microsoft reveals first known Russian hacking attempt aimed at 2018 midterms appeared first on Cyberscoop.


Russian-linked VPNFilter malware is even worse than originally thought, new research suggests

A malware framework that’s already infected hundreds of thousands of routers across the globe appears to be even more dangerous than originally thought, according to new findings by Cisco’s internal cybersecurity unit Talos. The latest results show that the malware, “VPNFilter,” affects a wider array of devices, including more than 11 different hardware vendors, and carries several previously unknown infection capabilities, such as the potential to manipulate internet traffic on the end device in novel ways. The Talos researchers revealed the additional analysis Wednesday after having first publicly documented the botnet last week. A significant percentage of the devices infected through VPNFilter are based in Ukraine, leading domestic security services to claim that the malware symbolized a national security threat. Broadly speaking, VPNFilter works by traversing the web and automatically targeting unpatched routers and servers that carry outdated software. The term “botnet” is used to describe an army of zombie computers […]

The post Russian-linked VPNFilter malware is even worse than originally thought, new research suggests appeared first on Cyberscoop.


FBI shuts down domain behind Russian ‘VPNFilter’ botnet

The FBI seized a domain used to communicate with 500,000 infected routers Wednesday, cutting off a massive botnet that was possibly being used for a forthcoming cyberattack aimed at Ukraine. The Department of Justice obtained a seizure order Wednesday that allowed U.S. law enforcement to seize “toknowall.com,” which was used as the command and control in the “VPNFilter” botnet. VPNFilter was made public Tuesday, when it was announced that a combination of at least three groups — Cisco’s cybersecurity unit Talos, the non-profit information sharing group Cyber Threat Alliance (CTA) and U.S. law enforcement — have all been quietly notifying companies about the early stages of a potentially expansive cyberattack against Ukraine. In a seizure order made public Wednesday, the Department of Justice pinned the botnet on APT28, the hacking group known as “Fancy Bear.” The group is responsible for a number of high-profile hacks, including the 2016 hack of […]

The post FBI shuts down domain behind Russian ‘VPNFilter’ botnet appeared first on Cyberscoop.


Someone Has Infected At Least 500,000 Routers All Over The World And No One Knows Why

But Ukraine’s government says it thinks that Russia will use “VPNFilter” to attack Saturday’s Champions League final.

Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops

When Vitaly Kamluk, a security researcher with Kaspersky Lab, discovered a mysterious program named “Computrace” deeply burrowed into his colleagues’ computers, he expected to find an elite hacking group at the other end — something the Moscow-based cybersecurity firm is keenly familiar with. Instead, Kamluk had uncovered a flawed but legitimate tracking software program developed by a Canadian company, named Absolute Software, which had been apparently installed at the manufacturer level. Computrace — now known as LoJack For Laptops via a licensing agreement with the famous vehicle-tracking company — has been publicly documented as having security problems, based on multiple reports, which worried Kamluk because he knew someone could leverage the underlying program in an attack to gain remote access. “It was very alarming to find unauthorized instances of Computrace,” Kamluk told CyberScoop. “There was no explanation how those new private computers had Computrace activated … We contacted Absolute technical support and provided hardware serial numbers, as […]

The post Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops appeared first on Cyberscoop.


Lawmakers call for action following revelations that APT28 posed as ISIS online

The world got a fresh reminder Tuesday of the difficulties associated with assigning blame for hacking – and of the consequences when a case of mistaken identity takes hold. New evidence reinforces the notion that a group dubbed the CyberCaliphate, which sent death threats to the wives of U.S. military personnel in 2015 under the banner of the Islamic State, is actually an infamous Russian-government-linked hacking group accused of meddling in the 2016 U.S. presidential election, the Associated Press reported. Activity from the CyberCaliphate coincided with attempts by the Russian group, known as APT28 or Fancy Bear, to breach the women’s email accounts, according to the Associated Press. The episode brings to life established links between the CyberCaliphate and APT28 in a way that no cybersecurity research did. The hacking victims were led to believe that jihadists, and not state-backed Russians, were breaching their accounts and leaving threatening messages. Amy […]

The post Lawmakers call for action following revelations that APT28 posed as ISIS online appeared first on Cyberscoop.


Zuckerberg: Facebook Identified and Notified Presidential Campaigns of Russian Hacking Attempts in 2016

Mark Zuckerberg revealed that Facebook’s security team identified Russian government hackers targeting US presidential campaigns and notified them of the hack attempts.