Ukraine blames infamous Russian hackers for ‘BadRabbit’ ransomware attack

A group of hackers believed to be associated with Russia’s Main Intelligence Directorate (GRU), better known as APT28 or Fancy Bear, was responsible for last week’s international ransomware attack dubbed “BadRabbit,” according to Ukraine’s top law enforcement agency, the Security Service of Ukraine (SBU). In a letter sent to CyberScoop on Wednesday, SBU officials laid blame on APT28 for launching the massive, coordinated attack that disrupted business operations for hundreds of organizations based in Ukraine and Russia. Victims included multiple Russian news outlets, government organizations in both countries and Ukrainian transportation services. An official with Ukraine’s state cyber police announced Thursday, as part of an interview with Reuters, that the hackers behind BadRabbit intended for the ransomware to effectively act as a smokescreen while they simultaneously sent highly targeted phishing emails to several organizations. The phishing emails were designed to gain access to “financial and confidential information.” The state cyber police did not […]

The post Ukraine blames infamous Russian hackers for ‘BadRabbit’ ransomware attack appeared first on Cyberscoop.

Cyber Security Roundup for October 2017

State-orchestrated cyber attacks have dominated the media headlines in October, with rogue state North Korea and its alleged 6,800 strong cyber force blamed for several cyber attacks. International intelligence scholars believe the North Korean leadership are using cyber warfare to up the political ante with their ongoing dispute with the United States. The North Koreans, as well as terrible security practices, were directly blamed by the UK National Audit Office for the recent NHS WannaCry attack (despite North Korea denying it). North Korea was also reported to be implicated in the stealing of US War Plans from South Korea, and in a spear phishing campaign against the US Power Grid. The possible Russian manipulation of the US election with cyber attacks and rogue social media campaigns is still a story not going away, while the Chinese are alleged to be behind the theft of Australian F-35 fighter jet data, in what is described as an ‘extensive’ Cyberattack. The finger was pointed at Iran for the recent Parliamentary Emails cyber attacks in the UK; meanwhile, EU governments are venting their cyber concern, warning that Cyber Attacks can be an Act of War.

Stephen Hawking caused controversy in both the science and tech industry last year when he said Artificial Intelligence could be a serious threat to human existence. Could the plot of The Terminator really come to fruition? Perhaps so, as it was reported that AI had already defeated the Captcha Security Check system. Personally, I believe both AI and Quantum Computing will pose significant new threats to the cybersecurity space in the next decade.

A far higher number of personal records were compromised in the Equifax data breach than was previously thought, with millions of UK citizens confirmed to be impacted by the US-based credit checking agency hack. Equifax’s now ex-CEO provided an interesting blow-by-blow account of the cyber-attack at a US government hearing: even though Equifax technical staff were specifically warned about a critical Apache Struts (web server) patch, it was ignored and not applied, which in turn allowed hackers to take full advantage of the vulnerability to steal the Equifax data en masse. To make matters even worse, the Equifax consumer breach help website was found to be infecting visitors with spyware.

Yahoo revealed all 3 Billion of its user accounts had in fact been breached, in what is truly an astonishing mammoth sized hack, biggest in all history, so far. Elsewhere on the commercial hacking front, Pizza Hut’s website was reported to be hacked with customer financial information taken, and Disqus said a 2012 breach it discovered in October exposed the information of 17.5 million of its users from as far back as 2007.

It was a super busy month for security vulnerability notifications and patch releases, with Microsoft, Netgear, Oracle, Google, and Apple all releasing rafts of critical level patches. A serious weakness in the wireless networking WPA2 protocol was made public to great fanfare after researchers suggested all Wifi devices using WPA2 on the planet were vulnerable to an attack called Krack, which exploited the WPA2 weakness. Krack is a man-in-the-middle attack which allows an attacker to eavesdrop or redirect users to fake websites over Wifi networks secured using the WPA2 protocol. At the time of writing most wireless access point vendors and operating system providers had released patches to close the WPA2 vulnerability, and there have been no known exploits of the vulnerability reported in the wild.

BadRabbit is a new strain of ransomware which is emerging and is reported to be infecting systems and networks in Russia and the Ukraine at the moment. BadRabbit is the latest network self-propagating malware, like NotPetya and WannaCry, to use the NSA EternalRomance hacking tool. A massive new IoT botnet was discovered; its continued growth is fuelled by malware said to be more sophisticated than previous IoT botnet king, Mirai. Russian based threat actor group APT28 is said to be targeting the exploitation of a recently patched Adobe vulnerability (CVE-2017-11292), using malicious Microsoft Word attachments, so ensure you keep on top of your system patching and always be careful when opening email attachments.

Finally, the UK National Cyber Security Centre (NCSC) released its first annual report, as it seeks to improve cybersecurity across the UK. Among NCSC achievements cited in the report are:

  • The launch of Active Cyber Defence, credited with reducing average time a phishing site is online from 27 hours to 1 hour
  • Led UK response to WannaCry
  • Advice website with up to 100,000 visitors per month
  • Three-day Cyber UK Conference in Liverpool
  • 43% increase in visits to the Cyber Security Information Sharing Partnership (CiSP)
  • Produced 200,000 physical items for 190 customer departments via UK Key Production authority to secure and protect communications of Armed Forces and national security
  • 1,000 youngsters on CyberFirst courses and 8,000 young women on CyberFirst Girls competition.
  • Worked with 50 countries, including signing Nato’s MoU

The post Cyber Security Roundup for October 2017 appeared first on Security Boulevard.

PRNG Weakness Reflects Poorly on Government Crypto Certification

Security researchers discovered that the pseudorandom number generator that underpins cryptographic operations in Fortinet appliances and products from 11 other vendors rendered encrypted traffic vulnerable to snooping for years. The affected pro…

DNC hackers using NATO cyber conference to find phishing targets, researchers find

Security researchers recently found evidence showing that the same infamous hacking group responsible for last year’s breach at the Democratic National Committee were attempting to spy on people interested in an upcoming D.C.-based cybersecurity conference, according to Cisco’s Talos research team. In a blog post published Sunday, Talos noted that Group 74, otherwise known as APT28 or Fancy Bear, recently sent a wave of spear phishing emails carrying malware-laden Microsoft Word attachments. These malicious emails contained information regarding a conference known as CyCon that’s taking place in early November. The event is produced by the U.S. Army Cyber Institute in collaboration with NATO. The conference often features top leaders from both the U.S. government and other allied nations who help guide cybersecurity relevant policy and missions. “This attack is another example of sophisticated social engineering undertaken by the bad guys in order to trick their intended victims into opening malicious […]

The post DNC hackers using NATO cyber conference to find phishing targets, researchers find appeared first on Cyberscoop.

Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism

In the face of allegations that Kaspersky Lab works hand-in-hand with Russian intelligence, the Moscow-based cybersecurity firm published a detailed report Wednesday exposing a complex and expansive cyber-espionage operation orchestrated by what appears to be a Russia-based hacking group. The research, authored by Kaspersky’s high-level GReAT team, reveals some of the techniques, processes and tools used by an attacker with similarities to two known hacking groups, Sofacy and Turla. Both of these groups are considered advanced persistent threats (APTs) and have been linked to the Russian government by U.S. cybersecurity firms CrowdStrike and FireEye. Kaspersky rarely attributes hacking groups to particular governments. This latest activity revealed by Kaspersky is codenamed “WhiteBear,” as it resembles but doesn’t match up entirely with known Sofacy or Turla operations. WhiteBear is likely a subgroup within or campaign of Turla group, the firm says. Based on a technical analysis by Kaspersky, WhiteBear’s recent activity appears to represent […]

The post Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism appeared first on Cyberscoop.

APT28, Gmail, Game of Thrones leak, and WannaCry – Hack Naked News #136

Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News! News Too many big online brands allow terrible passwords – Dashlane, a company providing secure authentication mind you, has evaluated the […]

The post APT28, Gmail, Game of Thrones leak, and WannaCry – Hack Naked News #136 appeared first on Security Weekly.

Russian Hackers Spying on VIP Hotel Guests Using Leaked NSA Tool

By Waqas
Fancy Bear (1) or APT28 (2) is a Russia hacker
This is a post from HackRead.com Read the original post: Russian Hackers Spying on VIP Hotel Guests Using Leaked NSA Tool
APT28 Using EternalBlue to Attack Hotels in Europe, Middle East

Researchers believe attacks against wi-fi systems in hotels across Europe and the Middle East track back to Russian-speaking hackers known as APT28.

DNC hackers are using leaked NSA tools to spy on hotel guests across Europe

A group of Russian hackers best known for breaking into the Democratic National Committee have been using a leaked NSA espionage tool to target hotels across Europe in an apparent attempt to spy on specific guests, according to new research published by cybersecurity firm FireEye. The research underscores how cyber-espionage outfits backed by nation-states are readily leveraging a cache of NSA hacking tools that were leaked over the last year by a mysterious group named The Shadow Brokers. The U.S. government is currently engaged in an extensive counterintelligence investigation to identify who is behind The Shadow Brokers, CyberScoop first reported, with the recent focus pointed at a former U.S. intelligence community insider. Computer networks of at least seven hotels across Europe and one in the Middle East were infected with malware used by the Russian hackers, codenamed APT28 or Fancy Bear by security researchers. “FireEye has moderate confidence that a campaign targeting […]

The post DNC hackers are using leaked NSA tools to spy on hotel guests across Europe appeared first on Cyberscoop.
