Roaming Mantis dabbles in mining and phishing multilingually

In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group’s activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East.

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, and we decided to call it ‘Roaming Mantis’.

A Slice of 2017 Sofacy Activity

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.

DNC hires first ever CSO ahead of 2018 midterms

The Democratic National Committee has named Bob Lord as its new chief security officer, hiring the former Yahoo CISO to lead the committee’s cybersecurity operations heading into the 2018 midterm elections. The hire was announced Thursday through a statement released by the DNC. The committee mentions that Lord will work with the organization’s own internal security team as well as in the field to support state parties, including efforts to update their “information security strategies” and improve practices to “change the economics” for attackers. “I’m confident Bob’s skills and hard work will help protect us against the sort of cyberattacks and intrusions that are unfortunately all too common in today’s age,” DNC Chair Tom Perez said in a release. “Defense is an essential part of any game plan, and I couldn’t be happier with Bob holding the line for the DNC.” The DNC has never employed a CSO before. But the […]

The post DNC hires first ever CSO ahead of 2018 midterms appeared first on Cyberscoop.


How the Democrats plan to stop hackers from breaching 2018 campaigns

“Never again,” says Aaron Trujillo, chief of staff for the Democratic Congressional Campaign Committee. “That’s the message.” Roughly one year ago, the DCCC — the campaign arm for Democrats in the House of Representatives — revealed that its systems were breached by hackers. The cyberattacks, as it was later reported, were connected to a broader operation that included multiple computer intrusions into the Democratic National Committee, the party’s national organization. Closer to Election Day, it was revealed that there were links between the DCCC breach incident and the GRU, Russia’s premier military intelligence agency. Russian government officials quickly denied that the Kremlin was involved in either incident. The breach marked the beginning of a larger issue. In August 2016, less than one month after the DCCC hack had been publicly disclosed, a blog written under the moniker of “Guccifer 2.0” began publishing thousands of sensitive, internal DCCC documents. They included […]

The post How the Democrats plan to stop hackers from breaching 2018 campaigns appeared first on Cyberscoop.


Russian hackers targeted Obama’s aides as early as 2007, and attempts continue, report says

Russia’s preeminent cyber-espionage group, known as APT28 or Fancy Bear, heavily targeted Barack Obama’s staff during the 2008 campaign, according to newly published research by U.S.-based cybersecurity firm Area 1 Security. The former president’s closest allies — including campaign staff, top aides and other senior U.S. officials — began receiving a barrage of phishing emails from Russian spies as far back as 2007, when he was still a U.S. senator. Some Obama associates continue to be targeted, Area 1 said. Ex-officials are still being sent phishing emails even though they left government years ago, a trend that shows the attackers’ persistence in trying to compromise assets. A blog post published Friday afternoon by Area 1 shows that associated phishing emails commonly employed subject lines like “just FYI,” “RFI,” “eFax,” or “Elections.” Several corresponding attachments were titled as “harvard-iop-fall-2016-poll[.]doc” and “37486-the-shocking-truth-about-election-rigging-in-america[.]rtf[.]lnk.” The evidence uncovered by Area 1, a firm founded by National Security Agency veterans, offers […]

The post Russian hackers targeted Obama’s aides as early as 2007, and attempts continue, report says appeared first on Cyberscoop.


Billionaire Trump Funder Also Paid for Milo Yiannopoulos’ College Speaking Tour

University of Washington records confirm Yiannopoulos’ speaking fee as zero dollars, and entirely self-financed.