Right country, wrong group? Researchers say it wasn’t APT10 that hacked Norwegian software firm

Keeping the world’s dizzying array of hacking groups straight has become a challenge for researchers and journalists. One person’s Helix Kitten is another’s OilRig, sowing confusion — in this writer as well as others — about where one group ends and the next one begins. But getting hacking taxonomy right matters because knowing which group is responsible for malicious activity can help network defenders secure their data. That’s why researchers from multiple companies are pointing out what they say is a case of mistaken attribution of a global hacking operation. A report published last week by cybersecurity companies Recorded Future and Rapid7 blamed a well-known Chinese threat group, labeled APT10 in the West, for breaching a Norwegian software vendor, a U.S. law firm, and an international apparel company. APT10, which U.S. officials and private analysts have linked to China’s civilian intelligence agency, gained greater notoriety in December when the Department of Justice announced […]

The post Right country, wrong group? Researchers say it wasn’t APT10 that hacked Norwegian software firm appeared first on CyberScoop.


North Korea could accelerate commercial espionage to meet Kim’s economic deadline

Perhaps more than any other nation-state, North Korea-linked hackers have shown no limits in what they will target – from a Hollywood entertainment company to a Bangladeshi bank. Divining a method to the madness is key to warning potential victims. And analysts say that foreign corporations and defectors have been high on the list of Pyongyang’s potential targets lately. On New Year’s Day, North Korean dictator Kim Jong Un delivered his annual address, telling North Koreans, and the world, what would preoccupy his reclusive regime’s time in the coming months. The message was clear: with its nuclear weapons program well underway, Pyongyang would continue to try to develop its anemic economy. “The might of the independent socialist economy should be further strengthened,” he said. By 2020, according to its national economic development plan, North Korea wants to make advances in key sectors like coal, agriculture, and machinery, and time is running out. North Korea’s cyber […]

The post North Korea could accelerate commercial espionage to meet Kim’s economic deadline appeared first on CyberScoop.


Ryuk Hauls in $3.7M in ‘Earnings,’ Adds TrickBot to the Attack Mix

The malware’s operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some — others say there’s no concrete evidence.

The Cyber Attribution Dilemma: 3 Barriers to Cyber Deterrence

The concept of mutually assured destruction (MAD) has historically prevented nuclear war, but threat actors’ advanced obfuscation techniques have made cyber deterrence difficult if not impossible.

The post The Cyber Attribution Dilemma: 3 Barriers to Cyber Deterrence appeared first on Security Intelligence.


Cybersecurity firm Area 1 defends pointing finger at China over European cables hack

Chinese military hackers have used a persistent phishing campaign to steal thousands of European diplomatic cables on sensitive topics ranging from counterterrorism to technology exports, cybersecurity researchers charged Wednesday. The years-long operation targeted over 100 organizations, including the United Nations and the AFL-CIO, according to Area 1, a California-based cybersecurity company. China’s People’s Liberation Army (PLA) was behind the effort, Area 1 said. The company did not list detailed forensic evidence linking the hack to the PLA, drawing criticism from other researchers as to why an attribution was made. But Area 1 defended its work, telling CyberScoop it had plenty of evidence of China’s role in the breach. A spokesperson for the Chinese embassy in Washington, D.C., did not respond to a request for comment on the allegations. European Union officials said Wednesday that they were investigating the breach. In an interview with CyberScoop, Area 1 co-founder Blake Darché said the company had […]

The post Cybersecurity firm Area 1 defends pointing finger at China over European cables hack appeared first on CyberScoop.


Marriott Hack Reported as Chinese State-Sponsored

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to…

Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid

Ever since the seminal cyberattacks on the Ukrainian power grid in 2015 and 2016, researchers have traced the evolution of the broad set of hackers behind the attacks in an effort to warn organizations the hackers might strike next. On Wednesday, analysts from cybersecurity company ESET added to that body of knowledge in revealing a quieter subgroup of those hackers that has targeted energy companies in Ukraine and Poland. ESET has dubbed the group GreyEnergy, a derivative of the original group of hackers, which has been known as BlackEnergy. Whereas BlackEnergy is known for the disruptive 2015 attack on the Ukrainian grid that cut power for roughly 225,000 people, GreyEnergy has to date preferred reconnaissance and espionage, according to ESET. The group has taken screenshots of its possible targets, stolen credentials, and exfiltrated files. “Clearly, they want to fly under the radar,” said Anton Cherepanov, the company’s lead researcher on […]

The post Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid appeared first on CyberScoop.


Chinese Supply Chain Hardware Attack

Bloomberg is reporting about a Chinese espionage operation involving inserting a tiny chip into computer products made in China. I’ve written about (alternate link) this threat more generally. Supply-chain security is an insurmountably hard problem. Our IT industry is inexorably international, and anyone involved in the process can subvert the security of the end product. No one wants to even…

U.S. Ties Lazarus to North Korea and Major Hacking Conspiracy

The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world.”