Russian hackers heavily targeted news outlet in days before U.S. election, researchers say

Hackers working for the Russian government sent a barrage of targeted phishing emails between 2014 and 2016 to employees of major news outlets, and they focused particularly on Al Jazeera in the days before and shortly following the U.S. presidential election, according to new research by cybersecurity firm Trend Micro. It’s unclear exactly why the elite team of hackers — known as APT-28, Fancy Bear or Pawn Storm — focused so heavily on the Qatar-based, state-funded global broadcaster during that short window. Like other news agencies targeted over the longer two-year span, including the New York Times and Buzzfeed, the award-winning outlet covered the election in detail and dedicated a section of its website to election-night coverage. Trend Micro’s Forward-looking Threat Research, or FTR, team said staff at Al Jazeera were repeatedly sent phishing emails with deceptive links, including “account-aljazeera.net” and “sset-aljazeera.net.” The subject line for some emails sent by the hacking […]

The post Russian hackers heavily targeted news outlet in days before U.S. election, researchers say appeared first on Cyberscoop.

WikiLeaks is probably exaggerating what’s in its latest CIA leak

WikiLeaks’ latest disclosure of secret CIA hacking capabilities, published March 31 as part of a package of documents dubbed “Marble,” describes how the spy agency obfuscates certain digital espionage techniques. The transparency organization is overselling what’s actually in the leaked computer code, experts say. The documents show that some hacking tools used by the CIA may have been constructed with code that contains foreign languages. It’s neither uncommon nor out of scope for an intelligence service to design malware that can avoid detection, or to trick a target into believing a file is legitimate, according to Jake Williams, founder of Rendition InfoSec. “The news here is that the [CIA] does string obfuscation to keep their malware hidden from detection,” Williams said, “meaning they aren’t wasting your tax dollars.” The transparency organization led by Julian Assange has described the Marble library as “the digital equivalent of a specialized CIA tool to place covers over […]

The post WikiLeaks is probably exaggerating what’s in its latest CIA leak appeared first on Cyberscoop.

Elite spies used leaked Hacking Team code to learn techniques and hide attacks

Highly sophisticated hackers are poaching components from a leaked library of exploits originally created by infamous Italian spyware maker Hacking Team — even though tools built with this copied code could be detected by basic antivirus products. Cybersecurity experts are confounded by the decision to include this code in the elite hackers’ malware, especially given that some groups adopting the material are conceivably capable of developing more evasive and effective exploits on their own. “To be honest, it doesn’t really make much sense,” said Cylance Director of Threat Intelligence Jon Gross. “This one sort of puzzled us … while you might see the criminal underground doing this, I wouldn’t immediately suspect an APT.” A mysterious, self-described black hat hacker named Phineas Phisher breached Hacking Team in 2015 and posted a trove of internal company documents and other data online. Some of the company’s exploits — like those that can compromise more recent […]

The post Elite spies used leaked Hacking Team code to learn techniques and hide attacks appeared first on Cyberscoop.

Active Defense Bill Raises Concerns Of Potential Consequences

A bill that would exclude organizations from prosecution for hacking back is already stirring up some concerns about potential unintended consequences.

Attributing the DNC Hacks to Russia

President Barack Obama’s public accusation of Russia as the source of the hacks in the US presidential election and the leaking of sensitive e-mails through WikiLeaks and other sources has opened up a debate on what constitutes sufficient evidence to attribute an attack in cyberspace. The answer is both complicated and inherently tied up in political considerations. The administration is…

Threatpost News Wrap, January 6, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including this week’s U.S. Senate Committee on Armed Services hearing, the Burlington Electric ‘Hack’, FireCrypt, and Security Without Borders.

Attribution, and when you should care: Part 1

Attribution is the practice of taking forensic artifacts of a cyber attack and matching them to known threats against targets with a profile matching your organization. If this seems overly complicated, that is intentional. There are degrees of attribu…